refactoring
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected. The skill reads and processes local source code files to identify refactoring candidates, which provides an entry point for untrusted data.
  - Ingestion points: The skill uses Glob and Grep to read the contents of local source files in the target project directories.
  - Boundary markers: The subagent prompt templates in SKILL.md lack explicit delimiters or instructions to ignore instructions embedded within the analyzed code comments.
  - Capability inventory: The skill can execute git commands (git log), write analysis reports (markdown files), and run automated test suites.
  - Sanitization: There is no evidence of sanitization or escaping applied to the source code content before it is parsed by the analysis subagents.
- [COMMAND_EXECUTION]: The skill performs shell operations and executes automated tests as part of its core functionality. It specifically runs git log to calculate churn and bug frequency metrics. Additionally, it invokes local test runners (such as pytest) during the Gate A verification step to ensure code behavior is preserved during refactoring.
Audit Metadata