polish-code
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Step 2 involves running the project's own formatter, linter, and test suite. This executes local scripts present in the repository environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes code content which could contain adversarial instructions.
  - Ingestion points: Code content is ingested through git diff and skill invocations in Steps 2, 3, 4, and 7.
  - Boundary markers: The instructions do not specify delimiters or safety prompts to prevent the agent from following instructions found within the project code.
  - Capability inventory: The skill can execute shell commands for testing and formatting, and it can spawn subagents via the Agent tool.
  - Sanitization: There is no evidence of sanitization or filtering of the ingested code data.
Audit Metadata