request-refactor-plan
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's behavior is consistent with its stated purpose. It performs structured data gathering and document generation without attempting unauthorized actions or bypassing safety constraints.
- [DATA_EXPOSURE]: The skill writes output to ~/Development/docs/rfc/. This is a localized documentation directory and does not involve accessing or exposing sensitive system files like SSH keys or environment secrets.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external sources (Linear, Figma, Notion), creating a theoretical surface for indirect prompt injection. However, since the output is a static markdown file, the risk of exploitation is negligible.
  - Ingestion points: Content fetched from Linear tickets, Figma designs, and Notion pages.
  - Boundary markers: None specified.
  - Capability inventory: Writing markdown files to a local directory (SKILL.md).
  - Sanitization: No explicit sanitization of external data is mentioned before it is included in the refactor plan.
Audit Metadata