code-trace
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted source code presenting an indirect prompt injection surface. (1) Ingestion: Reads source files via file-search tools as described in trace-request.md and trace-function.md. (2) Boundaries: Explicitly defined 'Boundaries' section in SKILL.md and 'Application Boundary' principle. (3) Capabilities: Serena memory tools for state and local script execution for framework detection. (4) Sanitization: Enforces a strict read-only policy and relies on interactive user-driven navigation to mitigate automated instruction obedience.
- [COMMAND_EXECUTION]: Executes the local script 'scripts/detect-framework.sh' to analyze 'package.json' for framework identification. The script uses safe utilities like 'grep' and 'cat' to inspect project metadata and does not evaluate file content.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized network operations were detected. The skill maintains session state using authorized tools and adheres to its primary purpose of code documentation.
Audit Metadata