refactor-prototype

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is explicitly instructed to execute commands extracted from the audit_json_path file as part of its quality checks. This includes both pre-defined commands like bun run typecheck and any arbitrary shell commands listed in the refactor plan.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from multiple iteration artifacts.
  • Ingestion points: Reads refactor instructions and commands from .agents/flow/it_{iteration}_audit.json, .agents/flow/it_{iteration}_PRD.json, and .agents/flow/it_{iteration}_progress.json.
  • Boundary markers: Absent. The instructions tell the agent to use these files as its "primary sources of truth" without specifying delimiters or safety warnings regarding embedded content.
  • Capability inventory: The agent has the authority to modify the entire codebase, execute shell commands, and write reports to the filesystem.
  • Sanitization: Absent. There is no mention of validating or sanitizing the content or commands retrieved from the JSON files before they are processed or executed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 03:02 AM
Security Audit — agent-trust-hub — refactor-prototype