index-knowledge
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Command Execution for Repository Analysis: The skill executes standard system commands such as `find`, `awk`, `wc`, and `sed` to analyze the project's file structure, line counts, and directory depth.
  - These commands are used solely for gathering metadata about the codebase to determine where documentation should be generated.
- Indirect Prompt Injection Surface: The skill reads existing documentation files (like `AGENTS.md` and `CLAUDE.md`) and source code comments to inform its generation process.
  - Ingestion points: Content is retrieved via `Read` operations and `find` commands across the local filesystem (SKILL.md).
  - Boundary markers: The instructions do not currently specify explicit delimiters to separate processed data from agent instructions.
  - Capability inventory: The skill has the ability to execute bash commands, spawn subagents via `Task` calls, and write files to the disk (SKILL.md).
  - Sanitization: There is no explicit sanitization of the content read from the files before it is processed by the agent.
  - Note: While this presents a surface for potential instruction influence from the codebase being analyzed, it is a common characteristic of automated documentation tools.
- Dynamic Agent Spawning: To handle large projects efficiently, the skill dynamically spawns subagents using `Task` calls to perform parallel analysis tasks.
  - This architecture is a standard practice for managing complexity in agentic workflows and allows the tool to scale with the project size.
Audit Metadata