learn-tw
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to perform localized codebase analysis and documentation generation. All operations, including file reads and markdown file creation, are performed within the project directory. No suspicious network operations or credential harvesting patterns were found.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it reads and processes untrusted content from the local codebase (source code, comments, and git history). However, this is consistent with its primary purpose as an analysis tool.
- Ingestion points: The skill instructions specify exploring the codebase structure and reading core modules, configuration files, and git history.
- Boundary markers: There are no explicit instructions or delimiters used to isolate codebase content from the agent's instruction set.
- Capability inventory: The skill is restricted to reading the filesystem and writing a markdown file to the project root.
- Sanitization: No sanitization or filtering of external data from the codebase is specified before it is incorporated into the output document.
Audit Metadata