refactoring-analysis
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to read source code and generate documentation. It does not perform network operations, access sensitive credentials, or execute arbitrary system commands.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data in the form of project source code during its analysis phase. While this provides a surface for indirect prompt injection, the risk is negligible as the skill's output is limited to generating markdown reports in a specific documentation directory (
docs/_refacs/). - [COMMAND_EXECUTION]: The provided Python script
scripts/validate-metadata.pyis a standard utility for validating metadata strings against specific length and character constraints. It uses safe libraries (re,sys,argparse) and performs no dangerous system-level operations.
Audit Metadata