refactor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the
Bashtool to perform its primary function of refactoring and running tests, which allows for arbitrary command execution on the host system. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting data from files that could contain malicious instructions. * Ingestion points: The skill uses
Read,Grep, andGlobto ingest untrusted code from the filesystem. * Boundary markers: There are no markers or system instructions provided to ensure the agent treats ingested code strictly as data rather than instructions. * Capability inventory: The skill has access toBashfor shell execution andEditfor modifying the filesystem. * Sanitization: No sanitization, validation, or filtering of the content being refactored is defined.
Audit Metadata