codebase-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted codebases, which is an indirect prompt injection surface. Malicious instructions embedded in the source code or documentation of the analyzed project could influence the agent's reasoning or behavior.
- Ingestion points: The agent is instructed to read and trace logic through codebase files (e.g., in src/, config/) and documentation, as described in SKILL.md and analysis-dimensions.md.
- Boundary markers: Absent. The instructions define no delimiters for the target files' content and no instruction to ignore or isolate commands found within those files.
- Capability inventory: The skill guides the agent to run shell search tools (ripgrep, grep), version control (git), and language-specific development tools (cargo, tokei) against the codebase.
- Sanitization: Absent. The skill does not mention sanitizing or validating the content of analyzed files, so nothing prevents the agent from acting on instructions embedded in them.
Audit Metadata