code-tour
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions direct the agent to explore and read actual repository files, including READMEs, configuration files, and source code, to construct and verify the walkthrough. This ingestion of untrusted codebase data creates an indirect prompt injection surface. * Ingestion points: Codebase files (README, source code, config files). * Boundary markers: Absent. * Capability inventory: Listing directories, reading files, and writing documentation files. * Sanitization: Absent.
- [NO_CODE]: This skill contains no executable scripts, binaries, or compiled code. It consists entirely of markdown instructions and configuration data.
Audit Metadata