auto-refactor
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local development tools via
npm run typecheck,npm run lint:all, andnpm test. These commands are used to identify errors and verify the success of refactoring efforts within the user's project environment. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes the project's source code (e.g., files in
app/routes/,app/lib/) and has the capability to modify those files or execute commands based on that content. - Ingestion points: Source code files in the
app/directory are read during the Phase 2 analysis and execution. - Boundary markers: Absent. There are no explicit instructions or delimiters used to ensure the agent ignores natural language instructions that might be embedded as comments within the source code.
- Capability inventory: The skill possesses file-writing capabilities (for refactoring) and command execution capabilities (via
npmscripts). - Sanitization: Absent. The skill does not perform validation or sanitization on the content of the files it processes before incorporating them into its decision-making logic.
Audit Metadata