code-refactor-executor
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted documentation files (
audit.mdandimprovements.md) to generate and execute an implementation plan. An attacker could embed instructions within these files to manipulate the agent's actions. - Ingestion points: Reads
audit.mdandimprovements.mdfrom the local workspace (SKILL.md). - Boundary markers: Absent; the skill does not use delimiters or warnings to ignore instructions embedded within the ingested data.
- Capability inventory: Includes file modification tools (
replace_file_content,multi_replace_file_content) and terminal command execution capabilities. - Sanitization: Absent; there is no evidence of validation or sanitization of the content before it influences the agent's planning and execution logic.
- [COMMAND_EXECUTION]: The skill plans and executes terminal commands (e.g.,
npm test,pytest,go build) to verify changes. If the planning phase is compromised by indirect injection, the agent may execute arbitrary or malicious commands as part of the verification process.
Audit Metadata