agent-md-refactor

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • [Prompt Injection] (SAFE): No instructions designed to override agent behavior, bypass safety filters, or extract system prompts were detected.
  • [Indirect Prompt Injection] (LOW): This skill defines a workflow to ingest and refactor untrusted instruction files (AGENTS.md, CLAUDE.md). (1) Ingestion points: Reads existing instruction files. (2) Boundary markers: Encourages structured markdown but lacks explicit sanitization. (3) Capability inventory: Involves file read and write operations. (4) Sanitization: None. While this constitutes an injection surface, the risk is inherent to the documentation task and the skill itself is passive.
  • [Data Exposure] (SAFE): No patterns for accessing sensitive file paths (~/.ssh, .env) or hardcoded credentials were found. It recommends analyzing standard project metadata like package.json for context.
  • [Unverifiable Dependencies] (SAFE): No remote code execution or external package installations are performed or referenced.
  • [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyph-based evasion techniques were identified.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 11:29 AM