code-refactor
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill incorporates an automatic execution mode for tasks involving 10 or more files. In this mode, the agent generates and runs Python code (e.g., using functions from the api.code_transform module) through a separate code-execution skill to perform bulk file modifications.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and processes local source code that could contain untrusted data. Instructions hidden in code comments or strings might influence the agent's behavior while performing refactoring tasks.\n
- Ingestion points: Source files are read using the Grep tool during the identification phase (native mode workflow).\n
- Boundary markers: The instructions do not define boundary markers or safety prompts to ensure the agent ignores instructions found within the code it processes.\n
- Capability inventory: The skill utilizes file-read, file-write, and general script execution capabilities.\n
- Sanitization: No validation or sanitization of the content retrieved from the files is performed before the agent acts upon it.
Audit Metadata