refactor-with-ai
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): The prompt templates provided are functional instructions for refactoring and do not contain directives to bypass safety filters or reveal system prompts.
- DATA_EXFILTRATION (SAFE): There are no network operations, file system access commands, or hardcoded credentials present in the skill.
- EXTERNAL_DOWNLOADS (SAFE): While the documentation mentions verification tools like 'npm' or 'stryker', the skill itself does not perform any package installations or remote script executions.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to process untrusted code snippets. While this constitutes an ingestion surface for potentially malicious instructions embedded in comments, the skill uses standard markdown boundary markers (triple backticks) to separate user data from instructions. As an informational/reasoning skill without autonomous execution capabilities, the risk is minimal.
- DYNAMIC_EXECUTION (SAFE): No code generation or runtime compilation logic is present within the skill's instructions.
Audit Metadata