refactor
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes system commands via the `bash` tool to perform build checks and run test suites, specifically using `npm test`, `bun test`, `pytest`, `tsc --noEmit`, and `eslint .`. These executions are integral to the skill's verification phases to ensure that refactoring does not introduce regressions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and processing external codebase files and user-supplied arguments.
  - Ingestion points: User input provided via `$ARGUMENTS` and local source code files accessed through exploration sub-agents and Language Server Protocol (LSP) tools.
  - Boundary markers: The prompt utilizes a structured, phase-based template (e.g., `<user-request>` tags) and an 'Intent Gate' to validate goals, though it does not explicitly instruct the agent to ignore potentially malicious instructions embedded in the code comments of the files being refactored.
  - Capability inventory: The skill possesses significant capabilities, including the ability to write to the filesystem (`edit`, `lsp_rename`, `ast_grep_replace`) and execute arbitrary shell commands (`bash`).
  - Sanitization: The skill employs several defensive layers, such as mandatory verification checkpoints after every modification, a dedicated 'Plan' review phase, and a 'Final Verification' phase to identify and stop if errors or unexpected behaviors occur.
Audit Metadata