project-index
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill creates an attack surface by indexing untrusted data (file and directory names) into a document (docs/structure.md) that agents are explicitly instructed to use as a primary navigation source.
  - Ingestion points: Repository file and directory names via scan_structure.py and scan-structure.js.
  - Boundary markers: Absent. Filenames are interpolated directly into Markdown tables and trees without encapsulation.
  - Capability inventory: Filesystem scanning and document creation.
  - Sanitization: Absent for filename content. While it ignores secret files like .env, it does not sanitize names for potential command or instruction strings.
- [Command Execution] (LOW): The skill relies on executing local Python or Node.js scripts. This is standard functionality for indexing but requires the local script environment to be secure and the paths to be correctly configured.
- [Data Exposure] (SAFE): The skill contains built-in ignore patterns for sensitive files (e.g., .env, node_modules, venv), which follows best practices for preventing the inclusion of credentials in the generated index.
Audit Metadata