cartograph
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection, as it processes untrusted content from the codebase being analyzed.
- [PROMPT_INJECTION]: Ingestion points: The skill reads multiple files throughout the codebase, including configuration (package.json), database schemas, and source code files (SKILL.md Phase 1-6).
- [PROMPT_INJECTION]: Boundary markers: No specific boundary markers or instructions to disregard embedded commands in source files are present.
- [PROMPT_INJECTION]: Capability inventory: The skill is authorized to read filesystem content and write output to cartograph.json (SKILL.md Phase 8).
- [PROMPT_INJECTION]: Sanitization: The skill does not implement sanitization for the data it extracts. Consequently, the assets/visualizer.html file, which uses innerHTML to display the results, is vulnerable to DOM-based XSS if the analyzed codebase contains malicious payloads in its metadata or comments.
Audit Metadata