refactor-prototype
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is instructed to run arbitrary shell commands specified in the it_{iteration}_audit.json file. The prompt explicitly directs the agent to 'run each quality check or command listed in the plan,' which allows the data file to control the agent's execution environment.
- [PROMPT_INJECTION]: The instructions contain a directive for the agent to 'Perform the full refactor autonomously' and 'do not stop mid-way to ask the user what to do next or whether to continue.' This concealment pattern suppresses human oversight and ensures that any malicious behavior triggered by the input data proceeds without interruption.
- [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it treats content from an external file as a source of truth for actions.
- Ingestion points: .agents/flow/it_{iteration}_audit.json (SKILL.md)
- Boundary markers: Absent. The skill does not use delimiters or warnings to prevent the agent from obeying instructions embedded in the audit data.
- Capability inventory: The agent has full write access to the codebase and the ability to execute arbitrary shell commands.
- Sanitization: Absent. There is no validation or filtering of the commands or refactor items before they are processed.