explore-codebase
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: User request arguments ($ARGUMENTS) are directly used to generate prompts for sub-agents. Boundary markers: The skill attempts to mitigate risks by using structured sections such as 'YOUR ASSIGNED SCOPE' and 'DO NOT EXPLORE' in sub-agent prompts. Capability inventory: The skill invokes other agents (vibe-extras:codebase-explorer) and performs file read/write operations on orchestration files in /tmp. Sanitization: There is no explicit evidence of escaping or sanitizing the user arguments before interpolation.
- [COMMAND_EXECUTION]: The skill uses the local
datecommand via a subprocess call to generate timestamps for its orchestration logs and filenames.
Audit Metadata