peach-refactor-backend
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates the user-provided
[module]parameter directly into shell commands such asls -la api/src/modules/[모듈명]/andcat api/src/modules/[모듈명]/*.tsin SKILL.md. This poses a risk of command injection if shell metacharacters are included in the input. - [DATA_EXFILTRATION]: Risk of path traversal via the user-controlled module name in file access commands. An attacker could attempt to read sensitive files outside the intended scope using traversal sequences like
../../.env. - [PROMPT_INJECTION]: Vulnerable to indirect prompt injection.
- Ingestion points: Local source files read from
api/src/modules/[모듈명]/*.ts(SKILL.md). - Boundary markers: Absent; there are no instructions to ignore embedded commands or comments in the analyzed files.
- Capability inventory: High-privilege subprocess execution including
bun run build,bun test, andbun run lint:fixed. - Sanitization: Absent; content from external files is ingested and processed as trusted context for refactoring.
Audit Metadata