Skills
skills/sirn/dotfiles/code-refactor/Gen Agent Trust Hub

code-refactor

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the jj (Jujutsu) command-line tool, specifically jj diff -s and jj diff -- path, to inspect local file modifications.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and processes external, untrusted source code that could contain adversarial instructions.
  • Ingestion points: Untrusted data is ingested into the agent context through the output of jj diff commands which read local repository files.
  • Boundary markers: The prompt templates lack explicit delimiters or instructions to ignore embedded commands within the ingested code sections.
  • Capability inventory: The agent possesses the capability to execute specific shell commands (jj) and perform network-based information retrieval via WebSearch and WebFetch tools.
  • Sanitization: No sanitization or validation of the ingested code content is performed before it is analyzed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 02:18 AM
Security Audit — agent-trust-hub — code-refactor