code-context-finder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE] (SAFE): The skill accesses local source code to map relationships (imports, callers). This is a core function of the tool and no external network exfiltration patterns were found.
  • [COMMAND_EXECUTION] (SAFE): Uses standard utility commands like grep and find for text searching within the local workspace. These commands are used for their intended purpose in a development context.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data (source code files). While this represents a potential attack surface if an attacker can commit malicious comments to the repo, the risk is mitigated as the skill primarily extracts structured relationship data rather than executing code found in comments.
    • Ingestion points: scripts/find-code-relationships.py reads all files in the root directory using Path.read_text().
    • Boundary markers: None explicitly implemented in script output formatting.
    • Capability inventory: File system read access, regex processing, and outputting summaries to the LLM.
    • Sanitization: Basic regex filtering is used, but the raw context of matched lines is passed back to the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:09 PM