codebase-locator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [General Security] (SAFE): No malicious instructions, obfuscation, or persistence mechanisms were detected. The skill is entirely composed of natural language guidelines.
- [Data Exposure] (SAFE): The search patterns are targeted at identifying codebase architecture and do not include attempts to access sensitive system files or private credentials.
- [Indirect Prompt Injection] (SAFE): 1. Ingestion points: Codebase files via grep and glob search. 2. Boundary markers: Absent. 3. Capability inventory: File system search tools. 4. Sanitization: Absent. Although the agent processes untrusted codebase data, the risk is mitigated by explicit instructions that restrict the agent to a documentarian role and forbid the analysis of code functionality.
Audit Metadata