code-refactoring
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze and refactor existing source code, which serves as an ingestion point for untrusted data (Indirect Prompt Injection surface).
- Ingestion points: Source code files accessed via 'Read', 'Grep', and 'Glob' tools in 'Step A: Understand Current Behavior'.
- Boundary markers: The instructions lack explicit boundary markers or directives for the agent to ignore natural language instructions that might be embedded in code comments or string literals within the files being refactored.
- Capability inventory: The skill utilizes file system modification tools ('Write', 'Edit') and executes local shell commands ('npm test', 'npx tsc') which could be subverted if the agent follows instructions found in the data.
- Sanitization: There is no evidence of sanitization or validation of the code content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill explicitly instructs the execution of local shell commands ('npm test', 'npx tsc', 'npm run lint') for behavior validation. While these are standard for code development, they represent a capability that could be targeted by indirect injections.
Audit Metadata