map
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements an automated codebase exploration process that reads project files (manifests, schemas, routes, and logic) to generate documentation. This creates a potential surface for indirect prompt injection, as the agent processes untrusted content from the repository.
- Ingestion points: The skill uses an exploration subagent to read files like package.json, prisma/schema.prisma, SQL migrations, and various source code directories.
- Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded prompts within the files being analyzed.
- Capability inventory: The skill utilizes file-reading capabilities across the repository and file-writing capabilities specifically targeting the CLAUDE.md file in the project root.
- Sanitization: There is no explicit sanitization or filtering of the content extracted from the codebase before it is used by the LLM to generate the final documentation content.
Audit Metadata