code-polish
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides a structured workflow for code maintenance by orchestrating existing local tools.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill processes external repository code, which is an untrusted data source. This is a standard characteristic for code analysis tools.
  - Ingestion points: File paths are resolved via git commands in SKILL.md.
  - Boundary markers: No explicit delimiters for untrusted code are defined in the orchestration instructions.
  - Capability inventory: Actions are limited to calling internal skills (code-simplify, code-review) to refactor code.
  - Sanitization: The orchestrator relies on the sub-skills for content handling and does not perform independent sanitization.
Audit Metadata