refactor
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands including
git diff,git log, and a specific binary located at~/bin/eldev. While these are functional requirements for a refactoring tool, users should ensure that theeldevbinary is from a trusted source. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is instructed to read source code files in full. Malicious instructions embedded within comments or strings in the code being refactored could potentially influence the agent's behavior during the session.
- Ingestion points: Uses
git diffand full-file reads inSKILL.md(Step 2). - Boundary markers: None identified; the agent reads raw file content without delimiters or specific safety instructions regarding embedded content.
- Capability inventory: Includes the ability to execute shell commands (
git,eldev) and modify local files. - Sanitization: No evidence of sanitization or validation of the content read from external files before processing.
Audit Metadata