request-refactor-plan
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a process-oriented workflow for architectural planning and documentation. No malicious patterns, obfuscation, or unauthorized access attempts were detected.
- [DATA_EXFILTRATION]: Although the skill transmits data to an external service (GitHub) by creating an issue, it explicitly mandates: 'Do NOT include specific file paths or code snippets.' This instruction helps prevent the accidental exposure of sensitive internal code or structural details in public or shared issue trackers.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from two potentially untrusted sources: the local repository files and user interview responses. However, the use of a rigid output template and the prohibition of code snippets significantly reduces the attack surface for instructions embedded in the codebase to influence the agent's external actions.
Audit Metadata