refactoring
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is instructed to 'Find or create ./test.sh' and execute it to verify changes. This capability allows for the execution of arbitrary commands if a malicious script is present in the repository being refactored. This risk is categorized as low as it is central to the primary purpose of the skill.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface because it processes external source code files that may contain malicious instructions designed to influence the agent. Evidence Chain: (1) Ingestion points: Source files determined during the 'Prep' stage. (2) Boundary markers: None present. (3) Capability inventory: File system writes, git commits, and shell execution via 'test.sh'. (4) Sanitization: No sanitization of code content before processing or interpolation.
Audit Metadata