code-refactoring-refactor-clean
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface for indirect prompt injection. It ingests untrusted source code through the $ARGUMENTS variable and is explicitly directed to 'Apply changes' and 'Update tests', which grants it write access to the filesystem and potential command execution capabilities. An attacker could provide code containing malicious instructions (e.g., within comments) that the agent might follow while attempting to perform the refactor.
- Ingestion points: Untrusted code processed via $ARGUMENTS.
- Boundary markers: None identified; there are no delimiters separating the agent's instructions from the code being processed.
- Capability inventory: File system modification ('Apply changes') and execution of test suites ('Update tests').
- Sanitization: None; the skill does not include logic to filter or ignore instructions found within the data it refactors.
Recommendations
- AI detected serious security threats
Audit Metadata