code-cleaner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a major vulnerability surface by processing external codebases with high-privilege capabilities.
  - Ingestion points: The skill uses 'Read', 'Grep', and 'Glob' to ingest external codebase content into the agent context.
  - Boundary markers: Absent. There are no instructions to help the agent distinguish between the refactoring logic and the content of the files being processed.
  - Capability inventory: The skill has access to 'Write', 'Bash', and 'Edit', which allow it to modify files and execute shell commands.
  - Sanitization: Absent. The agent is directed to identify and act on 'Zombie Code' and 'God Classes' without checks for embedded adversarial instructions.
- Command Execution (MEDIUM): The skill uses the 'Bash' tool to execute 'python {baseDir}/scripts/run_ruff.py'. While 'ruff' is a trusted linting package, the pattern of executing local scripts while having access to a potentially attacker-controlled codebase increases the risk of local command injection or logic subversion.
Recommendations
- AI detected serious security threats
Audit Metadata