refactor-assist

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to run npx ai-refactor, which downloads and executes code from the public npm registry. This package is managed by a third party (LXGIC Studios) and is not from a verified trusted organization.
  • [EXTERNAL_DOWNLOADS]: Usage of the npx command results in the retrieval of the ai-refactor package from the external npm registry at runtime.
  • [COMMAND_EXECUTION]: The skill documents the --apply flag, which allows the tool to automatically perform file system modifications on the local machine.
  • [PROMPT_INJECTION]: The skill's primary purpose is to process local source code through an LLM, which presents an indirect prompt injection vulnerability if the code being analyzed contains malicious instructions.
    • Ingestion points: Local source files passed as arguments to the CLI (e.g., src/utils.ts).
    • Boundary markers: No delimiters or specific instructions are provided to the agent to ignore instructions embedded within the analyzed code.
    • Capability inventory: Read access to local files, network access to the OpenAI API, and write access to the filesystem via the --apply flag.
    • Sanitization: No sanitization or validation of the input file content is implemented.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 05:40 PM