code-refiner

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill's workflow (Phase 1 and Phase 4) requires the execution of shell commands. This includes Git operations (e.g., git diff) and the execution of project-defined test runners and linters to verify refactoring changes. These capabilities grant the agent execution authority over local scripts and binaries.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and act upon data from external project files. Maliciously crafted source code, documentation (like CLAUDE.md), or configuration files could be used to override the agent's instructions.
    • Ingestion points: The agent reads project source files, Git history, and development configuration files (.editorconfig, CLAUDE.md, package.json, etc.).
    • Boundary markers: The instructions do not specify any delimiters or safety warnings to distinguish between code-to-be-refactored and potential instructions.
    • Capability inventory: The skill utilizes shell command execution (Git, tests, linters) and file system read access through a provided Python analysis script.
    • Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested file content before it is processed by the model.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 11:32 AM