refactor-ops
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted source code from the user repository, which creates an indirect prompt injection attack surface where malicious instructions could be embedded in code or comments. (1) Ingestion points: File contents are ingested into the agent context via the Read, Glob, and Grep tools. (2) Boundary markers: The instructions lack specific delimiters or warnings to ignore embedded instructions within the processed code. (3) Capability inventory: The skill utilizes Bash, Write, and Edit tools, which provide the capability to execute commands or modify files. (4) Sanitization: No sanitization or validation of the ingested content is performed before processing.
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to run various third-party command-line utilities for linting, complexity analysis, and structural code searching.
- [EXTERNAL_DOWNLOADS]: The skill suggests the installation and use of several well-known developer tools and packages from standard registries such as NPM and PyPI.
Audit Metadata