code-refactor-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill ingests untrusted user requirements to drive repository analysis and report generation. This creates an attack surface where malicious instructions embedded in a requirement could influence the agent's behavior while it scans the codebase or writes reports.
- Ingestion points: User requirement strings provided to
state_manager.pyandSKILL.md. - Boundary markers: None identified; the skill logic uses the requirement string directly for state tracking and file identification.
- Capability inventory: File system write access to the
.claude/directory and repository read access. - Sanitization: Input is normalized and hashed for identification purposes, but no filtering for prompt injection content is performed.
- [DATA_EXFILTRATION] (LOW): The skill records interaction history, including user requirements and associated file paths, into a local state file (
.claude/code_refactor_state/state.json). While intended for persistence, this creates a local record of user activities and repository structures. - [COMMAND_EXECUTION] (SAFE): Analysis of the provided Python script reveals only standard library usage for file and state management; no subprocess calls or dynamic execution patterns were detected.
Audit Metadata