refactoring-surgeon

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external code files.
    • Ingestion points: The agent reads and processes source code files (e.g., .ts, .js) from the project directory using the Read and Edit tools.
    • Boundary markers: The skill instructions do not provide explicit delimiters or guidance for the agent to distinguish between executable code and potential natural language instructions embedded in comments or strings.
    • Capability inventory: The skill has the ability to write to the file system and execute limited bash commands through npm and git.
    • Sanitization: No input sanitization is performed on the code content before it is analyzed by the language model.
  • [COMMAND_EXECUTION]: The skill includes a bash script for analyzing code quality and defines a restricted execution environment.
    • Evidence: The validation script at scripts/validate-refactoring.sh uses standard tools like find, grep, and git to perform heuristic analysis for code smells and test coverage. The allowed-tools specification in SKILL.md correctly limits Bash tool usage to npm test:*, npm run lint:*, and git:* commands, preventing arbitrary command execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 03:21 AM