team-polish
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion and processing pipeline.
- Ingestion points: The skill ingests untrusted data via the
[feature or area to polish]argument and by reading local project files (e.g., source code, GDDs, performance reports) as indicated by the use ofRead,Glob, andGreptools. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the ingested data during prompt interpolation.
- Capability inventory: The skill possesses significant capabilities, including the ability to execute shell commands (
Bash), spawn additional subagents with arbitrary prompts (Task), and modify the filesystem (Write,Edit). - Sanitization: There is no evidence of sanitization, validation, or escaping of external content before it is passed to subagents or used in task definitions.
Audit Metadata