util-multi-file-refactor

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted data (external codebase) that could contain malicious instructions designed to influence the agent's behavior during refactoring.
      • Ingestion points: Codebase files accessed via Read, Grep, and Glob tools.
      • Boundary markers: Absent. The instructions do not include specific delimiters or directives to ignore instructions embedded within the code being analyzed.
      • Capability inventory: Extensive. Includes Bash (shell execution), Edit/MultiEdit (file modification), and Read (file access).
      • Sanitization: Absent. The agent is directed to search for and replace strings directly within the codebase without content filtering.
  • [COMMAND_EXECUTION]: The skill workflow relies on the Bash tool to execute external binaries for "Quality Gates" and build processes.
      • Evidence: The SKILL.md and references/quality-gates.md files instruct the agent to run commands such as pytest, npm run build, go build, cargo test, and uv run pyright.
      • Context: These operations are standard for software development and refactoring, but they grant the agent the ability to execute arbitrary code in the environment where the skill is active.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 24, 2026, 05:24 PM