workflow-checkpoint-refactor
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes extensive shell command capabilities to perform its refactoring duties.
- It uses
gitfor repository state management (status, diff, log, add, commit). - It leverages package managers and build tools including
npm,npx,uv, andcargofor code validation. - It automatically executes discovery commands (
git rev-parse,find,git status) to establish context upon activation. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because its logic is driven by external data sources.
- Ingestion points: The agent reads the
REFACTOR_PLAN.mdfile (which can be manually edited by users or potentially influenced by previous file reads) and the repository's source code files. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions found within the files it reads during the refactoring process.
- Capability inventory: The skill possesses high-impact capabilities including
Bashexecution, file system modification (Write,Edit), and sub-agent delegation viaTask. - Sanitization: No specific sanitization or validation logic is defined to prevent malicious instructions embedded in the refactor plan or the source code from being interpreted as valid task steps.
Audit Metadata