component-flattening-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it analyzes and refactors external codebase structures and file contents.
  - Ingestion points: In the 'Map Component Structure' and 'Locate Source Files' phases described in SKILL.md, the skill reads directory structures and source file locations from the project.
  - Boundary markers: The skill documentation does not specify the use of delimiters or 'ignore' instructions to prevent the agent from being influenced by instructions embedded within the names or contents of the files it is refactoring.
  - Capability inventory: According to the 'Execute Flattening' section in SKILL.md, the skill can move source files, update directory structures, and execute command-line test runners.
  - Sanitization: No sanitization or validation of the input codebase data is mentioned before it is used to perform filesystem operations or shell command execution.
- [COMMAND_EXECUTION]: The skill documentation in SKILL.md and README.md details an execution process that involves shell-level interactions. Specifically, it involves moving files between directory namespaces and invoking automated test suites via the command line to verify that refactoring changes are successful.