code-refactoring
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions define a comprehensive and safe process for code refactoring, emphasizing behavior preservation and incremental changes verified by existing test suites.
- [SAFE]: The skill references established development tools and documentation, including Martin Fowler's refactoring guides, VS Code documentation, and reputable open-source projects like jscodeshift and ast-grep.
- [PROMPT_INJECTION]: The skill processes code from a user's repository using tools like Read and Grep, which creates an attack surface for indirect prompt injection. This risk is inherent to code-processing tasks and is mitigated by the skill's instruction to verify all changes using external tests.
  - Ingestion points: Local source files accessed via Read, Grep, and Glob tools as described in SKILL.md.
  - Boundary markers: The skill does not explicitly specify delimiters or instructions to ignore embedded commands in the data it processes.
  - Capability inventory: The skill utilizes Bash for command execution and Write for file modifications in SKILL.md, enabling the application and verification of refactors.
  - Sanitization: Verification relies on the user codebase's existing validation infrastructure, such as unit tests, integration tests, and static analysis tools.