code-polish
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill identifies a workflow for processing code, which is an untrusted data source. This creates an indirect prompt injection surface where malicious comments in the code could attempt to influence agent behavior. However, this file is an orchestration layer and does not contain logic to directly execute or mitigate such injections.
  1. Ingestion points: User-provided code or files passed through $ARGUMENTS.
  2. Boundary markers: None defined in this file.
  3. Capability inventory: Orchestrates code-simplify and code-review --fix.
  4. Sanitization: None identified in this orchestration layer.
- [No Code] (SAFE): The skill consists entirely of markdown instructions and metadata. No scripts (Python, JS, Shell) or binaries are included, eliminating the risk of direct malicious code execution from this specific skill folder.
Audit Metadata