legacy-modernizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to analyze and refactor legacy codebases, creating a surface for indirect prompt injection via comments or strings in the analyzed source code.
- Ingestion points: Source code files processed during the technical audit and refactoring phases.
- Boundary markers: Absent; the instructions do not provide delimiters or 'ignore' directives to help the agent distinguish between legacy code and malicious instructions.
- Capability inventory: The skill documentation mentions automated refactoring and file deletion ('Phase 6: Full Cutover'), though no scripts for these actions are provided in this skill package.
- Sanitization: None; the provided scripts merely log filenames and do not validate or sanitize inputs.
- [External Downloads] (SAFE): The documentation suggests using standard industry tools like 'putout' and 'jscodeshift' for refactoring, but no automated downloads or installations are performed by the skill itself.
Audit Metadata