magento-controller-refactor
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to identify deprecated patterns and verify the refactored results. This includes using grep to search for code patterns and running php -l for syntax checking, as well as suggesting Magento-specific CLI commands like bin/magento setup:di:compile and bin/magento cache:flush. These actions are within the expected behavior for a code refactoring tool.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading and processing external PHP files from the user's filesystem.
  - Ingestion points: PHP files within local directories specified by the user (e.g., app/code/).
  - Boundary markers: The skill does not define explicit delimiters or instructions to ignore potential commands embedded in code comments within the files being refactored.
  - Capability inventory: The agent has the ability to read files, write refactored code, and execute shell commands for linting and system maintenance.
  - Sanitization: No explicit sanitization or filtering of the file content is performed prior to processing.
Audit Metadata