codebase-cleanup-refactor-clean
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and process external code, which is a common vector for instruction injection.
  - Ingestion points: Processes 'provided code' as specified in the context and instructions.
  - Boundary markers: The prompt lacks explicit delimiters (e.g., XML tags or triple backticks) to separate the untrusted input from the agent's instructions.
  - Capability inventory: The skill directs the agent to 'Apply changes' and 'Break work into steps', implying a level of influence over the output that could be exploited by embedded instructions.
  - Sanitization: No sanitization or 'ignore embedded instructions' directives are present.
Audit Metadata