techdebt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes untrusted repository code and git diffs, creating a potential surface for indirect injection.\n
- Ingestion points: SKILL.md Step 1 reads file contents and git diff output into the agent context.\n
- Boundary markers: No explicit delimiters or 'ignore' instructions are provided to separate file data from system instructions.\n
- Capability inventory: The skill utilizes the 'Bash' tool to read files, execute git commands, and perform refactoring changes.\n
- Sanitization: No explicit sanitization or filtering of the ingested code content is performed.\n
- Note: This surface is inherent to code-analysis skills and is considered safe as the logic remains within the scope of code refactoring.\n- Command Execution (SAFE): The use of 'Bash' is constrained to standard, hardcoded git operations such as 'git remote', 'git merge-base', and 'git diff'. These operations are used for their intended purpose of repository metadata extraction and do not depend on untrusted input for command construction.
Audit Metadata