gsd-codebase-mapper
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute filesystem commands such as ls, cat, find, and grep to explore and analyze codebase structure and file contents.
- [DATA_EXFILTRATION]: The skill explicitly reads project configuration files, including .env*, which typically contain sensitive environment variables, secrets, and API keys. This exposes potentially sensitive data to the agent context during the technology stack analysis phase.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the analyzed codebase and produces documentation used by downstream agents.
- Ingestion points: Reads codebase files and comments using cat and grep commands (SKILL.md).
- Boundary markers: The skill lacks explicit instructions or markers to distinguish between legitimate code and potentially malicious embedded instructions within the documents it generates.
- Capability inventory: The skill possesses Write and Bash tools, allowing for filesystem modification and command execution based on analyzed content (SKILL.md).
- Sanitization: No evidence of sanitization or content validation is present to filter malicious instructions before they are written to the planning documents.
Audit Metadata