context-gathering
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill's core function is to ingest data from unfamiliar codebases, which represents an inherent attack surface. However, the risk is negligible as the skill lacks execution capabilities.
- Ingestion points: Any project file including README.md, documentation, and source code.
- Boundary markers: The agent is instructed to use a specific YAML output template to structure findings.
- Capability inventory: The skill possesses no capabilities for command execution (exec/eval), file writing, or network operations.
- Sanitization: No explicit sanitization of codebase content is performed before summarization.
- [No Code] (SAFE): No scripts (Python, Node.js, etc.) or binary files are included in this skill.
- [Prompt Injection] (SAFE): No attempts to bypass safety filters or extract system prompts were detected. Strong instructional language like 'CRITICAL' is used exclusively for task-specific confidence checks.
Audit Metadata