idea-refine
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains a shell script (scripts/idea-refine.sh) intended for initializing the project's documentation directory. The script uses standard commands to create a folder and does not require elevated permissions or access to sensitive system areas.
- [SAFE]: The skill reads local codebase content using Glob and Read tools. This is the intended behavior for the skill to provide relevant, context-aware suggestions and ground its logic in the user's existing work. No unauthorized data exfiltration or access to sensitive files (e.g., SSH keys or credentials) was identified.
- [PROMPT_INJECTION]: The skill exhibits an architectural surface for indirect prompt injection as it processes data from the local workspace.
  - Ingestion points: Data is ingested from files in the user's codebase using the Read tool.
  - Boundary markers: No explicit delimiters are used to separate external file content from the skill's system instructions.
  - Capability inventory: The skill can execute local scripts and perform file writes.
  - Sanitization: Content read from the filesystem is not sanitized or escaped before being processed by the agent logic. This is noted as a low-risk surface inherent to codebase-aware assistants.
Audit Metadata