code-refactoring-refactor-clean
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and act upon untrusted source code, which presents a high risk for indirect prompt injection attacks. * Ingestion points: The skill accepts 'provided code' as its primary input for analysis and refactoring in SKILL.md. * Boundary markers: There are no explicit delimiters or instructions to treat the input code purely as data and ignore embedded natural language commands. * Capability inventory: The agent is instructed to refactor code, update tests, and verify regressions, which implies significant influence over the codebase and potential code execution capabilities. * Sanitization: No sanitization, escaping, or validation of the input code is performed before processing.
Recommendations
- AI detected serious security threats
Audit Metadata