slide-ko-polish
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. Untrusted content from user-provided slide files is interpolated into prompts for external LLM CLIs (Claude, Codex, Gemini) in
verify.shandpolish-loop.shwithout sanitization. - Ingestion points: Slide content is extracted from files provided as arguments to
verify.shandpolish-loop.sh. - Boundary markers: The content is placed under headers like
[슬라이드 텍스트]or[LLM 리뷰 발견 사항], but lacks strict escape sequences. - Capability inventory: The
polish-loop.shscript specifically invokes theclaudeCLI with--allowed-tools "Edit Read Grep", granting the LLM the ability to modify local files based on potentially malicious instructions embedded in the slides. - Sanitization: None detected. The scripts perform text extraction but do not filter for prompt-altering instructions.
- [COMMAND_EXECUTION]: The skill relies on shell scripts (
verify.sh,polish-loop.sh) that execute system commands and external developer tools. - Execution details:
polish-loop.shdynamically detects and executesclaude,codex, orgeminiCLI tools. It grants these tools permissions to read and edit files in the working directory (--add-dir,exec --cwd). - Subprocess usage: Extensive use of
grep,sed,perl, andawkto process file content and LLM outputs.
Audit Metadata