refactor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions contain no attempts to override system prompts or bypass AI safety constraints.
- [Data Exposure & Exfiltration] (SAFE): No network requests or sensitive data access (like SSH keys or credentials) were detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses local git operations and does not download or execute scripts from remote or untrusted sources.
- [Indirect Prompt Injection] (SAFE): While the skill reads project files and git history, this is inherent to its core functionality for refactoring. 1. Ingestion points: Local project files, docs, and git commit history (mentioned in '前置检查'). 2. Boundary markers: Absent. 3. Capability inventory: Git commands (worktree, commit, merge), file writing (refactor plans), and execution of local tests. 4. Sanitization: Absent.
Audit Metadata