refactoring-engine
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a static analysis engine using regular expressions to detect code smells such as long functions, deep nesting, and magic numbers. It does not evaluate or execute the content of the files it analyzes.
- [SAFE]: The implementation uses platform-provided safe I/O utilities (
safeReadFile,safeWriteFile) and performs path validation on user-provided arguments. - [METADATA_POISONING]: The
SKILL.mddescription is significantly more ambitious than the actual code, claiming to perform architectural refactoring and systemic improvements when the implementation is only a read-only linter. While misleading, this behavior is not malicious. - [INDIRECT_PROMPT_INJECTION]: The skill reads external code files and extracts snippets (e.g., function names) into its output. However, the use of strict regex patterns (
\w+) limits the potential for code-based instructions to reach the agent's context, and the skill itself possesses no high-privilege capabilities like subprocess execution. - Ingestion points: Reads code from files specified via the
--inputflag insrc/index.ts. - Boundary markers: None present; the skill treats all file content as data to be analyzed.
- Capability inventory: Limited to file read/write operations; no shell execution or network access is present in the source code.
- Sanitization: Implicitly performed by regex capture groups that only allow alphanumeric characters for function names and numeric characters for magic numbers.
Audit Metadata