cartography
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes a local Python script (
cartographer.py) stored in the user's configuration directory. While this is the intended functionality for mapping the codebase, it represents a local execution surface that relies on the integrity of the skill's installed scripts.\n- PROMPT_INJECTION (LOW): The skill exhibits an attack surface for indirect prompt injection (Category 8) as it is designed to scan and document untrusted codebases.\n - Ingestion points: The skill reads the directory structure and file contents of target repositories (documented in
SKILL.mdStep 2 andtest_cartographer.py).\n - Boundary markers: There are no explicit instructions or delimiters defined to prevent the sub-agents ('Explorers') from following instructions embedded in the code or metadata they are documenting.\n
- Capability inventory: The system can execute shell commands (
python3) and grant write permissions to agents to modifycodemap.mdfiles throughout the repository.\n - Sanitization: No sanitization or safety-filtering of the ingested repository data is mentioned in the provided scripts or instructions.
Audit Metadata