refactoring-surgeon
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves a legitimate purpose for improving code quality and provides detailed educational content on refactoring patterns such as Extract Method, Introduce Parameter Object, and the Strangler Fig pattern.
- [COMMAND_EXECUTION]: The skill includes a local utility script (scripts/validate-refactoring.sh) designed for static analysis of the codebase. It uses standard Unix utilities like grep, find, and wc to identify code smells and verify test presence without executing the code under analysis. This is a benign tool used for developer feedback.
- [SAFE]: Tool access is appropriately scoped within the YAML frontmatter. The Bash tool is restricted to specific npm and git commands (npm test:*, npm run lint:*, git:*), which align with the skill's stated purpose of refactoring and testing.
- [SAFE]: No suspicious patterns related to data exfiltration, obfuscation, persistence, or privilege escalation were detected. All reference files are static code examples for educational purposes.