refactor-cleaner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill's core purpose is to perform destructive operations on the filesystem and project configuration.
- Evidence: The '安全移除流程' and '常見移除模式' sections explicitly instruct the agent to delete source files and modify 'package.json' to remove dependencies.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes 'npx' to download and execute multiple third-party tools from the npm registry.
- Evidence: Commands like 'npx knip', 'npx depcheck', and 'npx ts-prune' are used for analysis without specifying package versions, potentially exposing the environment to supply chain attacks.
- Indirect Prompt Injection (HIGH): The skill lacks safeguards when processing untrusted data (the codebase itself) which influences its high-privilege write/delete capabilities.
- Ingestion points: Project source files, 'package.json', and the stdout/stderr output of detection tools like knip.
- Boundary markers: Absent. The skill does not provide clear delimiters or instructions to the agent to ignore potentially malicious content within the code being analyzed.
- Capability inventory: File deletion, modification of 'package.json', and 'git' operations (commit, revert).
- Sanitization: Absent. The agent is expected to 'verify' findings manually, but there are no automated checks to prevent an attacker from poisoning tool outputs via cleverly crafted code patterns.
Recommendations
- AI detected serious security threats
Audit Metadata