codebase-librarian
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted content from a local codebase.
- Ingestion points: The skill reads multiple file types including README.md, ARCHITECTURE.md, configuration files, and source code across the entire project structure.
- Boundary markers: Absent. The instructions do not include delimiters or specific warnings to the agent to ignore instructions found within the files it is cataloging.
- Capability inventory: The skill utilizes file system read access and file system write access (to create the inventory markdown file).
- Sanitization: None. The agent is instructed to "observe and catalog", which involves interpreting the content of the files directly.
- [Data Exposure] (SAFE): The skill targets architectural inventory. While it looks for patterns related to secrets and infrastructure (e.g., secrets, .env.example), its instructions are focused on documentation rather than extraction of sensitive values. Users should ensure they do not run this on sensitive environments if they wish to avoid the agent reading path names of configuration files.
Audit Metadata