map
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted local project files to generate a symbol map, which creates a surface for instructions embedded in source code to influence agent behavior.
  - Ingestion points: Project source files processed by symbol_map.py.
  - Boundary markers: Absent; there are no instructions to the agent to ignore symbols that look like commands.
  - Capability inventory: symbol_map.py performs local file read and write operations.
  - Sanitization: Absent; the markdown does not describe any validation of extracted symbol names.
- [Command Execution] (SAFE): The skill executes a local Python script, ~/.claude/skills/map/scripts/symbol_map.py. This is the intended delivery mechanism for the skill's functionality.
Audit Metadata