execute-refactor-item

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it accepts and follows instructions from dynamic refactor item descriptions.
      • Ingestion points: The item_description and item_title context variables, alongside the .agents/PROJECT_CONTEXT.md file.
      • Boundary markers: Absent. The instructions lack delimiters or specific directives to the agent to disregard malicious instructions embedded within the refactor data.
      • Capability inventory: The skill can modify any source code file and execute arbitrary shell commands for quality and type checks.
      • Sanitization: Absent. No validation or filtering is performed on the refactor item data.
  • [COMMAND_EXECUTION]: The skill triggers the execution of local shell commands defined as quality checks or compilation steps within the project context. If the project context or refactor item is manipulated, this allows for the execution of arbitrary local code.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 21, 2026, 09:15 AM