orchestrate-batch-refactor
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. • Ingestion points: The skill analyzes repository paths, modules, and feature areas (e.g., in SKILL.md and references/agent-prompt-templates.md). • Boundary markers: Uses specific roles (Explorer, Worker) and instructions to 'Ignore unrelated edits by others', but lacks explicit delimiters or instructions to ignore embedded commands within the code being refactored. • Capability inventory: The skill can modify files and execute 'validation commands' defined in work packets (e.g., npm run test in references/work-packet-template.md). • Sanitization: No sanitization or validation of the code content before analysis or integration is specified.
- [COMMAND_EXECUTION]: Dynamic Command Execution. • The skill defines a workflow where agents generate and execute 'validation commands' (e.g., npm run typecheck, npm run test) as specified in the work packet template and orchestration instructions. These commands are executed based on the agent's internal planning process.
Audit Metadata