cs-refactor

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of various local shell commands to manage the refactoring lifecycle. This includes using git for version control, grep for code analysis, and a specific Python script validate-yaml.py to verify the integrity of generated checklists. It also executes project-specific tests, linters, and type checkers during the verification phase.- [PROMPT_INJECTION]: The skill is designed to ingest and modify untrusted data in the form of user source code. While this is necessary for its primary function, it creates a potential attack surface for indirect prompt injection where malicious instructions embedded in code could influence the agent's behavior.
  • Ingestion points: The agent reads source files from the repository during the scan and apply phases to identify optimization points and perform modifications.
  • Boundary markers: The workflow utilizes structured Markdown files and YAML frontmatter (e.g., scan.md, refactor-design.md) to distinguish between operational instructions and the code being processed.
  • Capability inventory: The skill possesses significant capabilities, including file write access across the repository, execution of shell commands (git, grep, python), and retrieval of file contents.
  • Sanitization: There is no automated sanitization of the processed code. Instead, the skill relies on a rigid multi-stage human approval process (requiring user sign-off for the scan results, the design plan, and every individual execution step) to mitigate the risk of unintended or malicious changes.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 01:59 PM
Security Audit — agent-trust-hub — cs-refactor