Skills
skills/codealive-ai/ai-driven-development/refactoring-csharp/Gen Agent Trust Hub

refactoring-csharp

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's documentation and installation scripts (install.sh, install.ps1) utilize piped shell execution commands (curl | bash and irm | iex) to fetch and execute installers from the author's GitHub repository.
  • [EXTERNAL_DOWNLOADS]: The installer downloads prebuilt binaries and the skill package from the vendor's repository (CodeAlive-AI/ai-driven-development) during setup.
  • [COMMAND_EXECUTION]: The agent is instructed to execute a CLI tool (bin/csharp-refactor) or invoke the .NET SDK via dotnet run to perform refactorings on the project.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  • Ingestion points: The skill ingests untrusted data by reading C# source code files from the user's repository via the Roslyn API.
  • Boundary markers: The skill does not implement boundary markers or instructions for the agent to ignore potentially malicious instructions embedded in comments or strings within the code files.
  • Capability inventory: The agent has the capability to modify the filesystem by running the refactoring tool which writes changes to disk.
  • Sanitization: There is no evidence of content sanitization or validation of the source code content before it is processed and returned to the agent context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://github.com/CodeAlive-AI/ai-driven-development/releases/download/refactoring-csharp-v0.1.0/install-refactoring-csharp.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 14, 2026, 04:56 PM
Security Audit — agent-trust-hub — refactoring-csharp