file-organization
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from the user's repository via Read, Grep, and Glob tools (SKILL.md). Boundary markers are present in the form of a structured YAML intake process (Step 1) and a dedicated decision matrix (references/boundary-decision-matrix.md). The skill's capability inventory includes file system modifications (Bash, Write) for structural planning and refactoring (SKILL.md). While explicit sanitization of repository content is not mentioned, the skill focuses on metadata and structural analysis rather than interpreting file contents as instructions.
- [COMMAND_EXECUTION]: The skill includes shell access (Bash) in its allowed tools to facilitate moving and renaming files during repository refactors. These operations are guided by detailed migration checklists and staged move plans (references/migration-checklist.md) designed to maintain project stability.
- [EXTERNAL_DOWNLOADS]: The skill references best practices from established technology documentation and public repositories, including Next.js, Turborepo, and well-known React pattern guides. These references are used solely for informational guidance and do not involve the execution of remote scripts or packages.
Audit Metadata