structural-refactor
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run 'sudo ln -s /usr/lib/libpcre.so /usr/lib/libpcre.so.3' to create symbolic links in system library paths, representing a high-privilege system modification.
- [REMOTE_CODE_EXECUTION]: Recommends an installation method that pipes a remote script from 'get-comby.netlify.app' directly into a bash shell.
- [EXTERNAL_DOWNLOADS]: Fetches installation scripts from Netlify's hosting service and utilizes multiple package managers including Homebrew, pip, and cargo to download external binaries and libraries.
- [COMMAND_EXECUTION]: Relies on the execution of powerful CLI tools ('comby', '2to3', 'pyupgrade') that are granted permissions to perform automated write operations across the local file system.
- [COMMAND_EXECUTION]: Supports dynamic execution patterns by loading transformation templates and custom language grammars from local configuration files at runtime.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Codebase files (.js, .py, .ts, .sql, etc.) analyzed by the tools. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls to comby, 2to3, and pyupgrade in SKILL.md. 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata