polish
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted novel content and performs subsequent file operations based on that input.
  - Ingestion points: Novel chapters and user-provided text snippets are ingested for polishing in `SKILL.md`.
  - Boundary markers: The instructions lack explicit delimiters or safety warnings to ignore embedded instructions within the processed chapters.
  - Capability inventory: The agent is instructed to perform file-write operations to the `.sumeru/polish/` directory across multiple file types (txt, json, md).
  - Sanitization: No validation or sanitization of the novel content is specified before the agent performs rewriting or summarization tasks.
- [COMMAND_EXECUTION]: The skill defines an automated data persistence workflow that requires the agent to perform recurring file system operations, specifically creating and updating files in the hidden `.sumeru/polish/` directory.
- [NO_CODE]: This skill consists entirely of natural language instructions in Markdown format without external scripts or binary executables.
Audit Metadata