skills/mgiovani/cc-arsenal/refactor/Gen Agent Trust Hub

refactor

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and follows instructions found in external project files like CLAUDE.md and build configurations.
      ◦ Ingestion points: SKILL.md (Step 0.2 and 1.2) reads project-specific documentation and configuration files.
      ◦ Boundary markers: No explicit delimiters or instructions are used to prevent the agent from being influenced by malicious content within the ingested data.
      ◦ Capability inventory: The skill has access to Bash (command execution), Write/Edit (file modification), and WebFetch (network operations).
      ◦ Sanitization: The skill does not perform validation or sanitization of the content extracted from the files before acting on it.
  • [COMMAND_EXECUTION]: The skill executes shell commands discovered from the local project environment to perform verification tasks. While essential for refactoring, this behavior trusts the commands defined in the target codebase, which could be exploited if an attacker controls the project configuration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 08:42 PM