service-layer-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): This skill defines a workflow where an AI agent ingests untrusted external data (source code) and performs high-privilege operations (file system writes and reorganization). This is a classic indirect prompt injection surface.
- Ingestion points: The skill is intended to process user-provided source code (e.g., 'fat controllers' or 'business logic') as described in the frontmatter and examples.
- Boundary markers: None present. There are no instructions to the agent to treat input code as untrusted or to ignore embedded natural language instructions within comments or strings.
- Capability inventory: The skill explicitly directs the agent to perform file system modifications, including 'Create service classes', 'Move business logic', and 'Folder structure reorganized'.
- Sanitization: None present. The skill lacks any mechanisms for sanitizing or validating the input code before the agent processes and acts upon it.
Recommendations
- AI detected serious security threats
Audit Metadata