refactor
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates development lifecycle tasks using standard CLI tools.
- It executes
npm run typecheckandnpm testto verify the code baseline and ensure no regressions are introduced during the refactor. - It manages the local filesystem state and recovery via
git checkoutandgit revertcommands. - It references a local utility script
scripts/run-with-timeout.jsto execute tasks with a defined timeout, which is a standard pattern for managing long-running processes in automated environments. - [PROMPT_INJECTION]: The skill processes project files which constitutes a potential surface for indirect prompt injection.
- Ingestion points: During Phase 2 (PLAN), the skill reads content from various files across the codebase to identify symbols, imports, and usage sites.
- Boundary markers: The instructions do not explicitly define delimiters when reading file content into the agent's context.
- Capability inventory: The skill is capable of filesystem modifications (create, write, delete) and command execution via git and npm.
- Sanitization: Content read from files is not sanitized before processing.
- Context: This surface is intrinsic to the tool's core function (refactoring code) and the risk is mitigated by a structured plan phase and easy reversal through version control.
Audit Metadata