polish-skills
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The
grammar-checker-guide/SKILL.mdfile includes code to interact with the LanguageTool API (api.languagetool.org). This involves sending manuscript text to a well-known external service for automated analysis. The risk is addressed by the skill's own documentation, which advises users on privacy considerations, mentions data retention policies, and suggests using self-hosted or local alternatives for sensitive research. - [PROMPT_INJECTION]: The
academic-translation-guide/SKILL.mdskill defines a prompt template that interpolates external text for translation. This creates a surface for indirect prompt injection where instructions embedded in the source text could attempt to influence the agent. However, as this is an instructional guide for translation and does not expose sensitive system capabilities or files to the translation output, the risk is negligible. - Ingestion points: The
{source_text}parameter in the translation prompt template (academic-translation-guide/SKILL.md). - Boundary markers: None provided in the template example.
- Capability inventory: The skill describes text-processing workflows and does not execute dangerous system commands or file modifications based on the translated text.
- Sanitization: The instructional code does not include explicit input sanitization.
Audit Metadata