refactor
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `Bash(git:*)` to execute git commands such as `git rev-parse` and `git diff` for scope determination and state verification. Although restricted to git, this involves shell command execution.
- [PROMPT_INJECTION]: The instructions specify that the agent should 'Execute immediately without user confirmation', which minimizes human-in-the-loop oversight for automated code modifications.
- [PROMPT_INJECTION]: Under 'Aggressive Mode' in `references/agent-configuration.md`, the agent is directed to 'Delete try-catch in trusted code paths' and 'Eliminate defensive null checks'. This instruction targets the removal of error-handling and safety logic in the source code, which could introduce vulnerabilities or stability issues if the agent misidentifies 'trusted' code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external codebase content which could contain malicious instructions.
  - Ingestion points: File contents are read using the `Read` tool and searched using `Grep` based on user arguments or git activity (`SKILL.md`, `references/scope-determination.md`).
  - Boundary markers: The prompt assembly described in `references/agent-configuration.md` does not specify the use of clear delimiters or instructions to treat ingested code as data rather than instructions.
  - Capability inventory: The skill has the ability to launch sub-agents via `Task`, modify files via `Edit`, and execute restricted shell commands via `Bash`.
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the ingested codebase content before it is processed by the agent.
Audit Metadata