refactoring-specialist
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests
Bashpermissions inSKILL.mdto support its principles of ensuring test coverage and committing changes. This provides an execution environment that could be exploited if the agent is misled. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: The skill ingests and processes untrusted source code provided by the user for refactoring, as indicated in the activation triggers in
SKILL.md. Boundary markers: The instructions do not define clear delimiters or instructions to ignore potential commands embedded within the comments of the provided code. Capability inventory: The skill is grantedRead,Write,Edit, andBashtool access. Sanitization: There is no evidence of sanitization or filtering of the input code to prevent the execution of instructions contained within the data.
Audit Metadata