orchestrate-batch-refactor

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted source code from a repository (ingestion point: target scope in SKILL.md). While it uses prompt templates (boundary markers: references/agent-prompt-templates.md) to instruct agents to focus on specific files and ignore unrelated content, malicious instructions embedded in the codebase could theoretically influence the Explorer or Worker agents. The skill has capabilities for file modification and command execution (capability inventory: SKILL.md). No explicit sanitization of input code is mentioned.
  • [COMMAND_EXECUTION]: The workflow relies on executing local shell commands for validation (e.g., npm run test, npm run typecheck) as part of the work packet integration process. These are standard developer operations intended to ensure the integrity of the refactor and are restricted to the local development environment.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 08:45 PM