polish-code
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes project-specific scripts for formatting, linting, and testing (e.g., in Step 2). This is standard behavior for code-refinement tools but involves executing commands defined within the target project's environment.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted project code.
- Ingestion points: Project code is ingested via `git diff --cached` in Steps 3, 4, and 7 of `SKILL.md`.
- Boundary markers: No explicit boundary markers or 'ignore' instructions for embedded data are defined in this orchestration skill.
- Capability inventory: The skill can execute shell commands (formatter/linter/tests), invoke other skills (Steps 1-6), and delegate tasks to subagents (Step 7).
- Sanitization: There is no evidence of sanitization or filtering of the ingested code before it is passed to other skills or subagents.
- [REMOTE_CODE_EXECUTION]: Step 7 delegates smoke test execution to a subagent using the Agent tool (`model: "opus"`), which involves the subagent potentially executing code to verify changes.
Audit Metadata