code-pointer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A comprehensive security review of the skill's instructions and reference documentation found no evidence of malicious intent, prompt injection, or safety bypasses.
- [COMMAND_EXECUTION]: The skill legitimately uses the Bash tool to interact with the Visual Studio Code command-line interface (code). The provided integration patterns demonstrate best practices, such as quoting file paths to handle spaces and performing existence checks before opening files.
- [INDIRECT_PROMPT_INJECTION]: The skill includes patterns for reading local data, creating a potential surface for indirect prompt injection.
  1. Ingestion points: The skill uses grep to search local files for TODO markers (documented in references/integration_patterns.md).
  2. Boundary markers: No specific delimiters or boundary markers are used when processing file content.
  3. Capability inventory: The skill has access to the Bash tool and VSCode CLI.
  4. Sanitization: The skill performs path validation to ensure files exist.

  This surface is assessed as safe because the file content is only used to determine navigation coordinates and is not executed or treated as instructions.