codebase-onboarding
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local codebase to generate agent instructions.
- Ingestion points: The skill reads files throughout the repository, including manifests, configuration files, and existing CLAUDE.md files as part of its reconnaissance and generation phases (SKILL.md).
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing or summarizing external file content.
- Capability inventory: The skill generates an onboarding guide and has the capability to write or update a CLAUDE.md file in the project root, which governs the agent's behavior and project conventions (SKILL.md).
- Sanitization: No sanitization, escaping, or validation of the ingested codebase content is mentioned before it is interpolated into the generated instructions.
Audit Metadata