rails-refactorer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is designed to ingest and analyze external source code while possessing high-impact capabilities.
      * Ingestion points: Uses Read, Grep, and Glob tools to process codebase content.
      * Boundary markers: Absent; no instructions provided to ignore or delimit instructions found within code comments or external data.
      * Capability inventory: The skill has access to Write, Edit, and Bash tools across the filesystem.
      * Sanitization: Absent; the agent is directed to 'Read the existing code thoroughly' and 'Run tests', which could cause it to execute instructions hidden in malicious test files or source code.
  • [Command Execution] (MEDIUM): The skill explicitly allows the Bash tool for running tests. This grants a mechanism for arbitrary command execution if the agent's logic is subverted through malicious content in the repository being refactored.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:40 AM