refactor-agents

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests and processes instruction files which may contain untrusted directives. This creates an indirect prompt injection surface where malicious content in AGENTS.md could attempt to influence the agent's behavior during the refactoring process.
      • Ingestion points: The skill uses Read and Glob tools to load documentation content in Step 1.
      • Boundary markers: No delimiters are specified to isolate the documentation content from the agent's logic.
      • Capability inventory: The agent uses Write, Edit, and Skill tools to modify the project structure and execute tasks.
      • Sanitization: No input sanitization is performed. However, the skill maintains safety by requiring explicit user confirmation via the AskUserQuestion tool for all conflict resolutions and deletions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:40 AM