analyze-codebase

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns identified. The skill performs limited file system operations consistent with codebase analysis.
  • [DATA_EXFILTRATION]: The skill reads project configuration files and directory structures. It does not access sensitive system credentials, private keys, or environment variables. All collected data is stored locally in the project's documentation.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it reads untrusted data from codebase files (e.g., feature files, package descriptions). However, the impact is minimal as the skill lacks execution and network capabilities.
    1. Ingestion points: package.json, directory names, and test files.
    2. Boundary markers: Absent.
    3. Capability inventory: File system read and write (limited to documentation).
    4. Sanitization: None.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 02:22 PM