resonance-refactor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection as it processes untrusted source code.
  1. Ingestion points: Reads files via read_file (SKILL.md).
  2. Boundary markers: None identified; it processes code comments and bodies directly.
  3. Capability inventory: write_file, edit_file, and run_command (SKILL.md).
  4. Sanitization: None; it is instructed to delete code and rename variables based on the content it reads.
  An attacker could embed instructions in a comment to delete specific files or run malicious code via the test runner.
- COMMAND_EXECUTION (HIGH): The skill uses run_command to 'Verify' changes (SKILL.md). If an Indirect Prompt Injection attack successfully influences the refactoring process or the test suite itself, the agent will execute arbitrary commands with the user's local privileges.
Recommendations
- AI detected serious security threats
Audit Metadata