large-file-refactorer
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation and command files provide instructions for installation and updates via a remote shell script fetched from the author's GitHub repository. Evidence:
curl -fsSL https://raw.githubusercontent.com/Alcyone-Labs/large-file-refactorer/main/install.sh | bashandcurl -fsSL https://raw.githubusercontent.com/Alcyone-Labs/agent-skills/main/install.sh | bash -s -- --local --droid. This is a vendor-owned resource for tool setup. - [COMMAND_EXECUTION]: The skill uses various shell commands as part of its analysis and refactoring workflows. Evidence: Execution of
wc -l,grep,npm test,npm run lint, andnpm run formatwithin the manifest and protocol references. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests and processes untrusted data from the user's codebase. Evidence Chain:
- Ingestion points: The discovery phase reads files matching multiple code extensions as defined in
SKILL.mdand the command workflows. - Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings were found in the processing logic.
- Capability inventory: The agent has the ability to execute shell commands (
bash) and write to the file system during the refactoring process. - Sanitization: There is no evidence of sanitization or filtering of the content read from the code files before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Alcyone-Labs/large-file-refactorer/main/install.sh - DO NOT USE without thorough review
Audit Metadata