refactor-python
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the project being refactored.
- Ingestion points: The agent is instructed to read configuration files (e.g.,
pyproject.toml,uv.lock) and the project's source code and tests. - Boundary markers: The instructions lack explicit delimiters or warnings to ignore potential instructions that might be embedded within the code or comments of the files being analyzed.
- Capability inventory: The skill performs file system operations (read/write) and executes shell commands (e.g.,
pytest,ruff,uv). - Sanitization: There is no evidence of sanitization or validation of the content of the external files before they are incorporated into the agent's context or used to inform command execution.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to verify code changes and manage project environments.
- Evidence: It explicitly details the use of
python -m pytest,python -m ruff,python -m mypy, anduvcommands (uv run,uv sync,uv lock). These are standard professional development tools used for their intended purpose in this context. - [EXTERNAL_DOWNLOADS]: The skill uses the
uvtool to manage project dependencies, which involves network activity. - Evidence: Instructions include using
uv addanduv syncto manage the environment and dependencies. These operations fetch packages from official registries.
Audit Metadata