refactor-with-confidence
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes source code from local files which may contain malicious instructions hidden in comments or data.
  - Ingestion points: The skill uses the Read tool to ingest code content from the local workspace for refactoring (SKILL.md).
  - Boundary markers: The instructions do not define boundary markers or explicit directives for the agent to ignore instructions embedded within the code being processed.
  - Capability inventory: The skill possesses significant capabilities, including Bash for test execution and Write/Edit for file modification (SKILL.md).
  - Sanitization: No sanitization or filtering of the ingested code content is performed before modification or execution.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute arbitrary commands, primarily intended for running test suites and verifying code integrity during the refactoring process (SKILL.md).