codebase-onboarding

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a series of shell commands in its 'Gather Facts' phase to perform local analysis of the target codebase. These commands include directory traversal, manifest parsing via Python, and searching for environment variable keys to inform documentation generation.
  • [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the analyzed codebase.
    • Ingestion points: The agent reads file contents (package.json, source files), directory structures, and git logs using cat, grep, and find commands, as well as through the provided Python analysis scripts.
    • Boundary markers: No explicit delimiters or boundary markers are used when interpolating codebase data into the documentation generation prompts.
    • Capability inventory: The skill has filesystem read access and the ability to execute shell commands and Python scripts for analysis.
    • Sanitization: No content sanitization or escaping of external data is present in the provided scripts or instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 01:08 AM