refactor
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8). Ingestion points: Codebase files identified via semantic search, explicit paths, or git history using tools like Read and Grep. Boundary markers: No specific delimiters or instructions are provided to the subagent to ignore embedded instructions within the source code being analyzed. Capability inventory: The subagent has the Edit capability to modify files and the Bash(git:*) capability to interact with the repository. Sanitization: There is no evidence of sanitization or filtering of the source code content before it is processed by the AI models.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool with a restricted permission set (git:*). This is used for repository introspection, such as identifying the work tree status and recently changed files, which limits the risk of arbitrary command execution.
Audit Metadata