fix-all-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted project files (source code, schemas) to automate code refactoring.
- Ingestion points: Scans local project source code, database schemas, and directory structures via the
references/workflow.mdprocedure. - Boundary markers: Lacks explicit delimiters or instructions to prevent the agent from following malicious instructions embedded within code comments or strings of the files being scanned.
- Capability inventory: Has file-write permissions for refactoring and the ability to trigger the execution of other agent skills.
- Sanitization: No explicit sanitization or validation of ingested project data is mentioned prior to processing.
- [COMMAND_EXECUTION]: The skill is designed to automatically discover and execute a variable list of other skills (those ending in
best-practice). While it orchestrates internal agent tools, this dynamic execution pattern relies on the integrity of all installed skills within the environment.
Audit Metadata