polish-by-diff

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses bash to execute local file system commands (ls, mkdir, cp, diff, md5sum, grep). These operations are restricted to the manuscript directory and are required for the skill's file management and review workflow.
  • [PROMPT_INJECTION]: The skill processes untrusted manuscript files and interpolates their content into prompts for subagents. This constitutes an indirect prompt injection surface.
  • Ingestion points: Reads .tex and .md manuscript files from .writing/manuscript/ via the Read tool.
  • Boundary markers: Use of structured headers (## Inputs, ## Outputs) in subagent prompt templates.
  • Capability inventory: Subagents call polish skills; main agent uses Edit, Bash, and Grep tools.
  • Sanitization: No explicit sanitization or escaping of the manuscript content is performed before it is sent to subagents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — polish-by-diff