cs-refactor
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of various local shell commands to manage the refactoring lifecycle. This includes using
gitfor version control,grepfor code analysis, and a specific Python scriptvalidate-yaml.pyto verify the integrity of generated checklists. It also executes project-specific tests, linters, and type checkers during the verification phase.- [PROMPT_INJECTION]: The skill is designed to ingest and modify untrusted data in the form of user source code. While this is necessary for its primary function, it creates a potential attack surface for indirect prompt injection where malicious instructions embedded in code could influence the agent's behavior. - Ingestion points: The agent reads source files from the repository during the
scanandapplyphases to identify optimization points and perform modifications. - Boundary markers: The workflow utilizes structured Markdown files and YAML frontmatter (e.g.,
scan.md,refactor-design.md) to distinguish between operational instructions and the code being processed. - Capability inventory: The skill possesses significant capabilities, including file write access across the repository, execution of shell commands (git, grep, python), and retrieval of file contents.
- Sanitization: There is no automated sanitization of the processed code. Instead, the skill relies on a rigid multi-stage human approval process (requiring user sign-off for the scan results, the design plan, and every individual execution step) to mitigate the risk of unintended or malicious changes.
Audit Metadata