refactoring-code
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): Vulnerability surface detected. \n
- Ingestion points: The skill reads source code using
Read,Glob, andGreptools (SKILL.md). \n - Boundary markers: There are no instructions for the agent to use delimiters or ignore embedded instructions within the code being refactored (absent). \n
- Capability inventory: The skill uses
Write,Edit, andBashtools, which allow the agent to modify the file system (SKILL.md). \n - Sanitization: No input validation or sanitization is specified for the code content being processed (absent). \n- Prompt Injection (SAFE): No instructions to override behavior or bypass safety filters were found. \n- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were detected. \n- Obfuscation (SAFE): No encoded content or hidden characters were found. \n- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform external downloads or execute remote scripts. \n- Privilege Escalation (SAFE): No commands to escalate privileges (e.g.,
sudo) were identified. \n- Persistence Mechanisms (SAFE): No attempts to modify startup scripts or crontabs were found. \n- Metadata Poisoning (SAFE): Metadata is accurate and does not contain deceptive instructions. \n- Time-Delayed / Conditional Attacks (SAFE): No logic gating behavior based on time or environment was detected. \n- Dynamic Execution (SAFE): No runtime code generation or compilation is performed.
Audit Metadata