matt-request-refactor-plan

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it ingests and processes untrusted data from external sources.
  • Ingestion points: The agent is instructed to explore the repository codebase (Step 2 and Step 6) and collect extensive user input through a detailed interview process (Steps 1, 3, 4, and 5).
  • Boundary markers: The instructions lack boundary markers or explicit guidance for the agent to ignore instructions that might be embedded within the files it reads or the text provided by the user during the interview.
  • Capability inventory: The skill utilizes repository exploration tools and has the capability to write to the external environment by creating GitHub issues (Step 8).
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from the repository or the user before it is used to generate the final refactor plan and GitHub issue.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 05:38 AM
Security Audit — agent-trust-hub — matt-request-refactor-plan