refactor-plan
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs a shell command using user-provided input for the issue title. While the issue body is protected by a quoted heredoc, the title placeholder (`<title>`) is interpolated within double quotes. This presents a surface for indirect prompt injection where a maliciously crafted title could lead to unintended command execution.
  - Ingestion points: User-provided refactoring titles and descriptions within the process defined in `SKILL.md`.
  - Boundary markers: Quoted heredoc markers (`<<'EOF'`) are used for the body, providing protection against injection in that section, but markers are absent for the title placeholder.
  - Capability inventory: Executes `gh issue create` and `gh auth status` commands.
  - Sanitization: No explicit sanitization or escaping mechanisms are specified for the user-provided strings before they are interpolated into the shell command.
- [DATA_EXFILTRATION]: The skill transmits data to GitHub, which is a well-known and trusted service. This behavior is consistent with the skill's stated purpose and does not involve accessing sensitive local data like credentials or SSH keys, making it a standard functional component.
Audit Metadata