request-refactor-plan

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security vulnerabilities or malicious patterns were detected. The skill's operations, including repository exploration and GitHub issue creation, are aligned with its documented purpose of planning and documenting code refactors.
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it ingests data from both the local repository and user input to populate a GitHub issue template. This is a standard risk for tools processing external data.
  • Ingestion points: Repository codebase and user-provided descriptions (SKILL.md).
  • Boundary markers: None explicitly defined to separate untrusted data from the issue generation instructions.
  • Capability inventory: Repository exploration (read) and GitHub issue creation (write).
  • Sanitization: Not explicitly implemented in the provided instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 06:10 AM
Security Audit — agent-trust-hub — request-refactor-plan