refactor
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several system commands including
git diff,pnpm vitest, andmake types. While these are standard tools for a development workflow, they interact directly with the local environment and project files. - [REMOTE_CODE_EXECUTION]: Execution of
pnpm vitesttriggers the running of test suites located within the repository. This effectively allows the execution of arbitrary code found in the project's codebase, which could be exploited if the branch being reviewed contains malicious test definitions. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the codebase.
- Ingestion points: The skill reads the full content of code changes using
git diffas a basis for its review and refactoring logic. - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between code-to-be-reviewed and potential instructions embedded in comments or strings.
- Capability inventory: The agent is authorized to refactor code (write to the filesystem), run shell commands, and execute tests.
- Sanitization: There is no evidence of sanitization or filtering of the code content before it is processed by the LLM for grading and refactoring decisions.
Audit Metadata