skills/tenequm/claude-plugins/polish/Gen Agent Trust Hub

polish

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including git for repository status and diffing, as well as project-defined validation tools like pnpm, cargo, or ruff. These operations are conducted within the local environment as part of the primary code review and fix workflow.
  • [PROMPT_INJECTION]: The skill analyzes uncommitted code and local files, creating a surface for indirect prompt injection where malicious instructions inside the codebase could attempt to influence the agent's analysis.
    • Ingestion points: Changed files and git diffs are read from the repository in Phase 2 using git diff.
    • Boundary markers: The skill does not employ specific delimiters or warnings to isolate ingested code content from the agent's instructions.
    • Capability inventory: The skill has permissions to write to the filesystem and execute shell commands for linting and fixing as described in Phase 1 and Phase 5.
    • Sanitization: There is no sanitization of code content before it is processed by the analysis agents.
  • [SAFE]: The skill utilizes dynamic context injection (!command) in SKILL.md to display the current git branch and a summary of uncommitted changes. These commands are benign, use hardcoded parameters, and do not incorporate user input.
  • [SAFE]: The workflow incorporates a human-in-the-loop requirement, explicitly halting for user approval before proceeding to apply any automated fixes to the source code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:06 AM