refactor
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands to run test suites such as go test and pytest, and linting tools like vulture and go vet. These operations are essential for the skill's primary function of verified refactoring and are restricted to common development tools.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes user-provided source code which could contain malicious instructions.
  - Ingestion points: Source code files targeted for refactoring (referenced in SKILL.md).
  - Boundary markers: None identified in SKILL.md to distinguish code from instructions.
  - Capability inventory: Execution of subprocesses for testing and writing summary reports to the .agents/refactor/ directory (SKILL.md).
  - Sanitization: None identified; the skill treats target code as data for analysis without explicit sanitization.
Audit Metadata