deepwiki
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The skill focuses on documentation tasks and contains no instructions to override system prompts or bypass safety guidelines.
- [Data Exposure & Exfiltration] (SAFE): Directory scanning instructions explicitly exclude sensitive paths such as .git. There are no network requests or hardcoded credentials.
- [Obfuscation] (SAFE): The content is entirely human-readable Markdown with no hidden characters or encoded payloads.
- [Remote Code Execution] (SAFE): The skill does not download or execute remote code. Software installation steps mentioned in the documentation are intended for the user's manual environment setup.
- [Indirect Prompt Injection] (INFO): As a codebase analyzer, the skill inherently processes external data (source code). While this presents a potential injection surface, the structured nature of the 5-phase analysis and the use of rigid Markdown templates significantly limit the risk. No subprocess execution or dynamic command generation is performed on the ingested data.
- [Persistence] (SAFE): The skill does not attempt to modify system configuration or startup scripts.