safe-refactor-code
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from the repository (source code and documentation files) while possessing significant file-modification capabilities.\n
- Ingestion points: Reads repository files (AGENTS.md, MEMORY.md, source code) during the orientation and refactoring phases (Workflow Steps 1 & 2).\n
- Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the processed code.\n
- Capability inventory: Possesses the ability to write/modify files (AGENTS.md, CHANGELOG.md, etc.) and perform code modifications via refactor tools.\n
- Sanitization: Absent. No logic is provided to sanitize or validate the content of the files being read before they are processed by the agent.
Audit Metadata