understand-anything-knowledge-graph

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires cloning source code from the author's GitHub repository (github.com/Lum1104/Understand-Anything) and installing dependencies via pnpm. These are standard development workflows for the provided functionality.
  • [COMMAND_EXECUTION]: The skill provides several commands like /understand and /understand-dashboard that execute local scripts and analysis pipelines. These are integral to the core functionality of mapping a codebase.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and summarizes content from the user's codebase.
      • Ingestion points: The file-analyzer agent reads all files within the target project directory.
      • Boundary markers: None explicitly defined.
      • Capability inventory: Read access to filesystem and subprocess execution.
      • Sanitization: No specific filtering of codebase content is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 06:53 PM