architectural-refactor
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests instructions from external assessment documents and a locally generated refactor-plan.md, which it is instructed to follow literally without sanitization or boundary markers.
  - Ingestion points: External assessment documents (e.g., seam-ripper output) and refactor-plan.md (Phase 1 and 3).
  - Boundary markers: Absent; instructions emphasize literal execution of the plan steps.
  - Capability inventory: Shell command execution (tests, linting, type-checking), file system read/write access, and Git version control operations.
  - Sanitization: Absent; the skill does not validate or sanitize instructions within the ingested files.
- [COMMAND_EXECUTION]: The skill executes various development tools and test runners (e.g., npm test, pytest, npx tsc, git) to verify code changes and manage the refactoring process. These commands are discovered dynamically from the project environment (e.g., package.json, Cargo.toml).
Audit Metadata