discover-codebase-enhancements
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No direct security vulnerabilities or malicious patterns were identified. The skill operates locally on provided codebase paths.
- [PROMPT_INJECTION]: The skill includes instructions to 'Deep crawl' and read architecture docs, READMEs, and source code. This represents a surface for indirect prompt injection (Category 8), as the agent may process untrusted instructions embedded in the codebase being analyzed. However, this is inherent to the skill's primary function and no malicious exploitation logic is present. Ingestion points: Local files (SKILL.md). Boundary markers: Not specified. Capability inventory: Local file reading (opencode tool). Sanitization: Not specified.
Audit Metadata