modularize
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted project code and configuration files to build migration plans, which introduces a surface for indirect prompt injection.
- Ingestion points: The agent maps files, dependencies, imports, and exports from the target codebase to detect frameworks and plan modularization.
- Boundary markers: The skill mandates a "Show migration map" step and explicitly requires that the agent "wait for explicit confirmation before proceeding" to any modifications.
- Capability inventory: Capabilities include file movement, directory creation, and source code refactoring, alongside execution of validation tools like
fuse-ai-pilot:sniper. - Sanitization: There is no specific description of content sanitization for the code being analyzed.
- [COMMAND_EXECUTION]: The skill performs local file system operations and executes framework-specific validation commands.
- Evidence: The workflow involves relocating classes, creating
module.jsonconfiguration files, and running local commands such asphp artisanto verify class resolution. These operations are restricted to the local development environment and occur after user approval.
Audit Metadata