polish
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection in the
SKILL.mdheader to retrieve the current git branch and a summary of changes usinggit rev-parseandgit diff. These are benign informational commands. - [COMMAND_EXECUTION]: The skill dynamically identifies and executes project-specific validation commands (e.g.,
pnpm check,cargo clippy) based on instructions found in the repository'sCLAUDE.mdfile. This is standard and expected behavior for a developer productivity tool. - [PROMPT_INJECTION]: The skill ingests untrusted data from local source files and git diffs to generate its reports. While this presents a surface for indirect prompt injection, the risk is mitigated by the skill's requirement for explicit user approval before any automated fixes are applied.
- Ingestion points: Reads all changed files and git diff output (Phase 2).
- Boundary markers: No explicit delimiters or "ignore embedded instructions" warnings are used when passing content to the analysis agents.
- Capability inventory: Modifies local files (Phase 5) and executes shell commands for project validation (Phase 1).
- Sanitization: No sanitization or escaping is performed on the ingested code content.
- [SAFE]: No signs of data exfiltration, obfuscation, or persistence mechanisms were found. The skill operates locally and maintains a human-in-the-loop workflow for all impactful actions.
Audit Metadata