fe-refactor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Prompt Injection] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality.
    • Ingestion points: Local source files and related project files read via $ARGUMENTS.
    • Boundary markers: None. The agent does not use delimiters to distinguish code from potential instructions.
    • Capability inventory: Full filesystem read/write access and the ability to execute shell commands.
    • Sanitization: None. Malicious instructions hidden in code comments or strings could be interpreted as agent commands to exfiltrate data or modify sensitive files.
  • [Command Execution] (MEDIUM): The refactoring procedure includes a 'Verification' step to run existing tests. This typically involves executing commands like 'npm test'. If an attacker controls the project's 'package.json' or test scripts, they can achieve Remote Code Execution (RCE) when the agent attempts to verify the refactoring.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:37 AM