refactor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill contains steering instructions like 'Invoke IMMEDIATELY' and 'Do NOT explore first' which are intended to override the agent's default validation and reasoning behaviors before tool invocation. It also functions by analyzing user-provided source code, creating a surface for indirect prompt injection where malicious instructions in code comments could influence agent behavior.
- COMMAND_EXECUTION (SAFE): The skill invokes a local Python script (
skills.refactor.refactor) to perform its analysis. The invocation is well-structured and uses expected parameters, showing no signs of arbitrary command injection or privilege escalation. - DATA_EXPOSURE (SAFE): The tool is designed to read and analyze project files for refactoring purposes. This is the intended primary purpose of the skill and no attempts to access sensitive system files or credentials were detected.
Audit Metadata