orchestrate-batch-refactor
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted code from external repositories to drive the refactoring logic and generate work packets.\n
- Ingestion points: Target repository files and modules specified during the analysis phase (SKILL.md).\n
- Boundary markers: Absent. The instructions and templates lack explicit delimiters or instructions to ignore malicious directives embedded within the processed code comments or documentation.\n
- Capability inventory: The skill involves file-writing operations (implied by the refactoring goal) and shell command execution for validation checks (e.g., npm run test mentioned in work-packet-template.md).\n
- Sanitization: Absent. There is no automated validation or escaping of repository content before it is processed by the Explorer and Worker sub-agents.
Audit Metadata