cocoindex
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The file is a documentation reference and does not contain any executable scripts or binary files.
- [CREDENTIALS_UNSAFE] (SAFE): Environment variable examples for API keys and database URLs use standard placeholders (e.g., 'sk-...', 'user:password') rather than hardcoded secrets.
- [COMMAND_EXECUTION] (SAFE): The documented CLI tool performs local code execution of Python modules to define flows. This is the primary intended purpose of the tool and is considered safe in this context.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill documentation defines a surface for indirect prompt injection.
  1. Ingestion points: The update and evaluate commands process data from external sources such as LocalFile and databases.
  2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are described.
  3. Capability inventory: The tool performs database writes and interacts with LLM APIs.
  4. Sanitization: No sanitization logic for source data is documented in this CLI reference.