front-refactor
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-controlled files (JS, TS, CSS, etc.) to generate refactoring suggestions. While this creates a theoretical attack surface for instructions embedded in code comments to influence the agent, the risk is mitigated by explicit 'Behavior preservation' rules.
  - Ingestion points: Target files matching supported extensions (.js, .ts, .vue, .svelte, .astro, .css, etc.) as defined in SKILL.md.
  - Boundary markers: Output is formatted into structured markdown blocks (Preview mode) as specified in SKILL.md.
  - Capability inventory: Read, Glob, Edit, and Write tools as defined in the allowed-tools section of SKILL.md.
  - Sanitization: No specific input sanitization is performed on the code content; however, the skill relies on the agent's internal reasoning and provided shared rules to ensure code integrity.
- [EXTERNAL_DOWNLOADS]: The skill optionally utilizes the context7 MCP to fetch official framework documentation (e.g., React, Vue, Sass) to provide accurate refactoring suggestions based on the latest standards. This is a legitimate data enrichment step from a well-known service provider.
Audit Metadata