refinery
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface where instructions embedded in the data being refined could influence agent behavior.
  - Ingestion points: Reads content from system/reviews/*.md, system/blueprints/*.md, and arbitrary source code files provided by the user.
  - Boundary markers: Absent. There are no delimiters or 'ignore instructions' warnings when loading the content for refinement.
  - Capability inventory: The skill has the ability to overwrite local files (the artifact and system/refinery-log.md) and modify the system state file (system/state.md).
  - Sanitization: Absent. The agent is instructed to 'Rewrite' and 'Apply the fixes' directly based on its interpretation of the content.
- Command Execution (SAFE): While the skill mentions using an 'Edit tool' for code changes, this is a standard capability for development agents and is used here in a controlled, iterative loop without spawning arbitrary shells or executing downloaded scripts.
Audit Metadata