researching
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXPOSURE]: The skill reads codebase files to generate technical documentation. While this is its core function, it constitutes an ingestion point for potentially untrusted data from the repository being analyzed.
- [COMMAND_EXECUTION]: The skill spawns parallel sub-agents (codebase-locator, codebase-analyzer, etc.) to perform research tasks. These sub-agents are given specific scopes but operate autonomously based on the synthesized plan.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) via the files it reads.
  - Ingestion points: Codebase files mentioned by the user or discovered during research are read in their entirety (SKILL.md, Step 1).
  - Boundary markers: No specific delimiters or safety instructions are defined to prevent the agent from following instructions embedded in code comments or documentation.
  - Capability inventory: The agent can read files, write to the filesystem (thoughts/ directory), and spawn additional task-based agents.
  - Sanitization: There is no evidence of sanitization or filtering of the content read from files before it is processed or used to generate new research documents.