refactor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious instructions or bypass attempts detected in the prompt logic.
- Data Exposure & Exfiltration (SAFE): The skill performs local file operations for refactoring purposes; no unauthorized data access or external network calls are present.
- Unverifiable Dependencies (SAFE): While the skill suggests using external libraries like 'focus-trap-react' for accessibility patterns, it explicitly instructs the agent to ask the user before adding dependencies.
- Indirect Prompt Injection (SAFE): The skill reads external code files, which is a known attack surface, but there are no indicators of malicious intent or lack of control over tool usage. Evidence Chain: 1. Ingestion points: Reads files via Read/Glob tools. 2. Boundary markers: Not explicitly defined. 3. Capability inventory: Write, Edit, and Task permissions. 4. Sanitization: Relies on LLM reasoning and user confirmation guidelines.
Audit Metadata