agent-md-refactor
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is entirely composed of Markdown-based instructions and logic. It does not contain any executable scripts, binary files, or automated system commands.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it is designed to ingest and process content from external agent instruction files which may contain untrusted data.
  - Ingestion points: The process involves reading content from files such as AGENTS.md, CLAUDE.md, and COPILOT.md (SKILL.md).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' directives to prevent the agent from accidentally following instructions contained within the files being refactored.
  - Capability inventory: The skill requires the agent to create and write multiple Markdown files to the local file system (SKILL.md).
  - Sanitization: There are no defined mechanisms for sanitizing or filtering the content processed from external sources before it is written to the new file structure.
Audit Metadata