request-refactor-plan

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions involve ingesting untrusted data from the user and the codebase to generate a GitHub issue. This creates a surface for indirect prompt injection where external data could attempt to influence the agent's behavior during the planning or filing process.
      • Ingestion points: User-provided refactor descriptions and repository content exploration (Step 1, Step 2, and Step 6).
      • Boundary markers: None specified to delimit or sanitize untrusted content before it is processed by the agent.
      • Capability inventory: The skill utilizes repository exploration tools for reading and GitHub issue creation tools for writing.
      • Sanitization: No explicit sanitization or escaping steps are defined for the data used to populate the refactor plan template.
  • [NO_CODE]: The skill consists entirely of instructional markdown and does not include any accompanying scripts, executables, or package manifests.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 12:52 PM