Skills
skills/akillness/oh-my-gods/code-refactoring/Gen Agent Trust Hub

code-refactoring

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for code validation and testing.
  • Evidence: Step B in SKILL.md includes commands such as npm test -- --coverage, npx tsc --noEmit, and npm run lint.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the lack of input sanitization when processing untrusted code.
  • Ingestion points: The skill processes user-provided source code for refactoring and analysis (implicitly via agent context).
  • Boundary markers: None. There are no instructions to the agent to ignore instructions embedded within the code being refactored.
  • Capability inventory: The skill utilizes shell execution capabilities (npm test, npx tsc, npm run lint) and multi-agent coordination (ask-gemini, codex-cli).
  • Sanitization: Absent. The skill does not describe any methods for escaping or validating the content of the code before processing or executing tests.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 01:49 PM