safe-refactor
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and acting upon untrusted data from the local repository.
  - Ingestion points: Reads project source code (.swift files), project-specific guidelines from CLAUDE.md, and build configuration files (.xcodeproj, Package.swift).
  - Boundary markers: Does not utilize explicit delimiters or safety instructions to prevent the agent from following embedded instructions within the codebase being analyzed.
  - Capability inventory: The skill employs powerful tools including Bash, Write, and Edit, enabling it to execute system commands and modify the filesystem.
  - Sanitization: There is no evidence of validation or sanitization for project-derived data (e.g., scheme names or thresholds) before it is used in shell commands or file operations.
- [COMMAND_EXECUTION]: The skill executes multiple bash commands (git, find, grep, xcodebuild) that incorporate parameters derived from the local environment, which could be exploited via maliciously crafted filenames or project configuration files.