codebase-agent

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill implements a feedback loop where it reads from learnings.md to determine its behavior and conventions.
  • Ingestion points: The agent is instructed to 'Check learnings first' by reading learnings.md and applying the patterns found there. This file is intended to be updated automatically based on previous coding sessions.
  • Boundary markers: The instructions lack boundary markers or specific warnings to ignore natural language instructions that might be embedded within the 'Patterns' or 'Failures' sections of learnings.md.
  • Capability inventory: The skill is granted extensive capabilities including Bash, Write, and Edit tools, allowing for significant system impact if the agent's instructions are subverted.
  • Sanitization: There is no evidence of sanitization or filtering of the data that /retrospective or /setup-agent populate into the markdown files.
  • [COMMAND_EXECUTION]: The skill's configuration (allowed-tools) explicitly enables the Bash tool. This allows the agent to execute arbitrary shell commands, which increases the potential impact of a successful prompt injection attack.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 11:04 AM