polish-vn
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities or malicious patterns were identified in the skill. It is designed for linguistic processing and follows clear procedural rules.
- [COMMAND_EXECUTION]: The skill includes several TypeScript utility scripts (e.g.,
manifest-sync.ts,scaffold-eval-loop.ts) designed to run in the Bun environment. These scripts perform local file operations such as creating directories and writing JSON/TSV metadata. They include robust security checks, such as usingrealpathSyncto prevent path traversal and explicitly refusing to follow symbolic links (lstatSync(path).isSymbolicLink()) to protect against link-based attacks. - [PROMPT_INJECTION]: The agent instruction files focus on register calibration and translation artifact detection. They do not contain any instructions that attempt to bypass safety guidelines or override the agent's core programming.
- [DATA_EXFILTRATION]: All file operations are restricted to the local project directories (
docs/forsvnand.forsvn). There are no network requests to untrusted external domains for data exfiltration. - [SAFE]: The skill process involves analyzing user-provided Vietnamese text. It mitigates potential indirect prompt injection by enforcing strict meaning preservation rules and using a critic agent to verify the output against the original source.
Audit Metadata