refactoring-team
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a user-specified `TEST_COMMAND` during the refactoring process to verify that code changes do not break existing functionality. This command is run by the worker agent at the start and after each logical change.
- [DATA_EXPOSURE]: The hook script `references/guard-idle-worker.sh` reads from a transcript file path provided by the system via standard input to verify communication logs between the sub-agents before allowing a worker to go idle.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external source code from a user-provided `TARGET_PATH`. This code is ingested into the agent context for refactoring.
  - Ingestion points: Files and directories provided via the `TARGET_PATH` argument or interactive prompt.
  - Boundary markers: Absent. The worker and reviewer prompts do not define specific delimiters to separate the code being refactored from the agent instructions.
  - Capability inventory: The worker agent has file system write access within the target path and can execute the user-provided test command via the platform's terminal tools.
  - Sanitization: Absent. The skill does not perform any pre-processing or sanitization of the target files to detect or neutralize potential embedded instructions.
Audit Metadata