refactoring-inline-types
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (CRITICAL): Arbitrary command execution via shell injection. The skill uses `pnpm type-check 2>&1 | grep "target-file"` in its validation logic. An attacker can provide a filename containing shell metacharacters (e.g., `file.ts; malicious_command`) to gain unauthorized access to the host system.
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection risk (Category 8). The skill ingests untrusted code and has the capability to write files and execute commands.
  - Ingestion points: Reads user-specified target files in Step 1.
  - Boundary markers: None present to distinguish untrusted data from the agent's instructions.
  - Capability inventory: Full file system write access ('Create types module', 'Update original file') and shell command execution (`pnpm`).
  - Sanitization: No input sanitization or filtering is performed on the ingested code or filenames.
Recommendations
- AI detected serious security threats
Audit Metadata