implement-refactor

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands to facilitate the refactoring workflow, including git status, git mv, and git commit. It also dynamically identifies and runs 'automated checks' (such as unit tests, linters, or type-checkers) to establish a green baseline and verify that behavior is preserved after refactoring.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and follows instructions extracted from project-local plan files (progress.md, STATE.md).
      • Ingestion points: The skill reads refactor unit descriptions from .plans/clean/<feature>/progress.md or .plans/clean-bob/<layer>/progress.md, as well as configuration and glossary data from STATE.md and CONTEXT.md.
      • Boundary markers: Absent. The skill treats the text within the plan files as authoritative instructions for the next refactor unit without explicit delimiters or 'ignore' instructions.
      • Capability inventory: The skill possesses the capability to modify project source code, rename or move files, and execute shell commands for git operations and testing.
      • Sanitization: No sanitization or validation of the plan file content is performed prior to processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 05:23 AM