skills/vibeeval/vibecosystem/refactor/Gen Agent Trust Hub

refactor

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the [TARGET_CODE] parameter. Malicious instructions embedded within the code being processed (e.g., in comments or string literals) could potentially override the sub-agents' instructions.
      • Ingestion points: The [TARGET_CODE] variable is interpolated into prompts for the phoenix, plan-agent, kraken, plan-reviewer, and arbiter agents in SKILL.md.
      • Boundary markers: No specific delimiters or XML tags are used to isolate the untrusted [TARGET_CODE] from the agent instructions.
      • Capability inventory: The workflow includes the kraken agent, which performs file writes to implement code changes, and the arbiter agent, which executes commands to run tests and linters.
      • Sanitization: There is no evidence of input validation or sanitization for the provided code content.
  • [COMMAND_EXECUTION]: The arbiter agent is explicitly instructed to execute system commands to 'Run full test suite', 'Check type errors', and 'Run linting'. If a refactoring step introduces malicious code into a test file, or if the original test suite is compromised, the agent will execute it on the host system.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 09:04 AM