refactor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external source code files which are inherently untrusted data. This creates an indirect prompt injection surface where malicious instructions embedded in the code could influence the agent's behavior during the refactoring process.
  - Ingestion points: The skill reads file content using `cat`, `grep`, and `awk` in SKILL.md.
  - Boundary markers: The skill does not define clear delimiters or 'ignore embedded instructions' warnings for the untrusted code content.
  - Capability inventory: The skill has access to the `Bash` tool, allowing it to execute arbitrary commands, including running tests (`npm test`, `pytest`, `go test`) and linters (`eslint`) in SKILL.md.
  - Sanitization: There is no explicit sanitization, escaping, or validation of the file content before it is processed by the agent.
Audit Metadata