code-refactor

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs shell command substitution (!echo "$1") in the context section to resolve target paths. This pattern is vulnerable to command injection if the input argument contains shell metacharacters (e.g., semicolons, backticks, or dollar-sign syntax).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      1. Ingestion points: Content from files and directories specified by the user via the $1 argument.
      2. Boundary markers: Absent; the external code is passed directly to the refactoring sub-agent without delimiters.
      3. Capability inventory: The skill utilizes the Task tool for delegation and allowed-tools include TodoWrite for file modifications.
      4. Sanitization: Absent; there is no filtering or escaping of the ingested code before it is processed by the AI.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 9, 2026, 08:12 PM