refactoring
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided source code to detect smells and suggest improvements. This constitutes an indirect prompt injection surface where malicious instructions could be embedded in code comments or data strings to influence the agent.
- Ingestion points: Source code provided for analysis in SKILL.md.
- Boundary markers: No explicit delimiters are specified in the instructions.
- Capability inventory: File editing and shell-based verification.
- Sanitization: None mentioned for external code input.
- [COMMAND_EXECUTION]: The documentation provides example shell scripts for hooks and CI/CD pipelines that use commands like
git diff,npm test,grep, andsedto verify refactoring safety and correctness.
Audit Metadata