google-aistudio-refacto

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION] (SAFE): No malicious injection detected. The skill uses instructional markers to guide the agent through refactoring tasks. The 'IMPORTANT' directives in the examples are part of mock LLM system instructions for a CV optimization feature and do not target the agent itself.
  • [DATA_EXPOSURE] (SAFE): While example files contain hardcoded API keys and personal data, these are identified in documentation as anti-patterns to be fixed. Placeholder values like 'your_api_key_here' are used for the refactored states.
  • [EXTERNAL_DOWNLOADS] (SAFE): Dependencies listed are well-known, industry-standard npm packages. Remote references in mock examples (ESM.sh, Tailwind CDN) are within the expected scope of the projects being refactored.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill directs the agent to scan and edit user-provided source code, creating an inherent surface for indirect prompt injection.
      1. Ingestion points: The agent reads user code files (e.g., in App.tsx).
      2. Boundary markers: None explicitly defined to prevent the agent from executing instructions found in code comments.
      3. Capability inventory: The agent has access to read, write, edit, and bash.
      4. Sanitization: None performed.
    This risk is inherent to the primary refactoring purpose and is mitigated by agent-level safety filters.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM