code-refactor
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (`!echo "$1"`) in the `SKILL.md` file. This pattern directly interpolates the user-provided argument `$1` into a shell command executed at load time. An attacker could provide an argument containing shell metacharacters (e.g., `; rm -rf /`) to execute arbitrary commands on the system.
- [PROMPT_INJECTION]: The skill is designed to refactor code from a user-provided directory or file path, which creates an indirect prompt injection surface as the agent ingests untrusted third-party data.
  - Ingestion points: Code files located at the file path or directory specified by the user in the `$1` parameter.
  - Boundary markers: Absent. The instructions do not include delimiters or warnings to the subagent to ignore instructions that might be embedded within the source code being refactored.
  - Capability inventory: The skill uses the `Task` and `TodoWrite` tools and delegates tasks to a subagent that performs behavior-preserving code transformations.
  - Sanitization: Absent. There is no validation or filtering of the file content before it is processed by the agent.
Audit Metadata