skills/fusengine/codex/modularize/Gen Agent Trust Hub

modularize

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted project code and configuration files to build migration plans, which introduces a surface for indirect prompt injection.
  • Ingestion points: The agent maps files, dependencies, imports, and exports from the target codebase to detect frameworks and plan modularization.
  • Boundary markers: The skill mandates a "Show migration map" step and explicitly requires that the agent "wait for explicit confirmation before proceeding" to any modifications.
  • Capability inventory: Capabilities include file movement, directory creation, and source code refactoring, alongside execution of validation tools like fuse-ai-pilot:sniper.
  • Sanitization: There is no specific description of content sanitization for the code being analyzed.
  • [COMMAND_EXECUTION]: The skill performs local file system operations and executes framework-specific validation commands.
  • Evidence: The workflow involves relocating classes, creating module.json configuration files, and running local commands such as php artisan to verify class resolution. These operations are restricted to the local development environment and occur after user approval.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 05:09 PM
Security Audit — agent-trust-hub — modularize