jb-refine-code

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill workflow explicitly requires running 'build/tests to verify behavior'. This involves executing arbitrary commands on the host system based on the project's configuration (e.g., make, npm test, pytest) without validation of the command contents.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It ingests 'changes just made' (untrusted external data) and uses its command execution capability to process them.
  • Ingestion points: Processes code changes and project files as described in SKILL.md.
  • Boundary markers: None. There are no instructions to ignore embedded commands or validate scripts before execution.
  • Capability inventory: Execution of build and test suites via subprocesses.
  • Sanitization: None. The agent blindly trusts the existing project build/test infrastructure, which can be manipulated by an attacker.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 01:31 AM