polish
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands defined in the project's configuration (CLAUDE.md) or provided by the user to perform linting and type-checking (e.g., pnpm check, cargo clippy). These commands run with the agent's permissions on the host system.
- [DYNAMIC_CONTEXT_INJECTION]: The SKILL.md file utilizes dynamic context injection to display the current git branch and uncommitted changes status upon loading. The commands used (git rev-parse and git diff) are benign and used for informational purposes.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the local codebase to perform its review. Adversarial content within analyzed files could potentially influence the agent's judgment or the code fixes it generates.
  - Ingestion points: Codebase content is ingested via git diff and by reading full file contents in Phase 2 and Phase 4.
  - Boundary markers: None. The skill does not use specific delimiters or instructions to distinguish code content from instructions.
  - Capability inventory: The skill can execute shell commands (Phase 1 validation) and modify local files (Phase 6 fixes).
  - Sanitization: No sanitization or filtering of the ingested file content is performed before processing.
Audit Metadata