request-refactor-plan
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's logic is purely instructional and follows standard development practices for repository analysis and documentation generation. No obfuscation, unauthorized exfiltration, or persistence mechanisms were found.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform repository exploration and create GitHub issues. These actions are aligned with the stated purpose of planning refactors and use standard platform capabilities.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the repository and user descriptions.
  - Ingestion points: User-provided problem descriptions (Step 1), user interviews (Step 4), and repository codebase content (Steps 2 and 6).
  - Boundary markers: None explicitly defined in the prompt instructions.
  - Capability inventory: Filesystem exploration (reading) and GitHub issue creation (writing).
  - Sanitization: No specific sanitization or escaping logic is defined for the content before it is placed into the GitHub issue template. The risk is limited to the content of the generated issue and is considered a low-severity inherent risk of data summarization tasks.