refactor-project
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it reads untrusted project source files that may influence the agent's behavior. * Ingestion points: Source code files are discovered and read using the Read, Grep, and Glob tools as defined in SKILL.md and references/scope-analysis.md. * Boundary markers: The instructions in references/agent-configuration.md lack explicit delimiters or instructions to ignore commands embedded within the files being refactored. * Capability inventory: The sub-agent is granted the Edit tool, enabling it to modify any file within the project scope. * Sanitization: Project file content is processed without prior validation or sanitization.
- [COMMAND_EXECUTION]: The skill uses the Bash tool restricted to git commands (Bash(git:*)) to perform repository checks and revision logging, which allows for modification of the local repository state.
Audit Metadata