cs-explore
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the shell to execute a local Python utility script
python codestable/tools/search-yaml.pyfor metadata filtering and document retrieval within the project workspace. - [PROMPT_INJECTION]: The skill's functionality involves processing untrusted source code and documentation, which creates a surface for indirect prompt injection.
- Ingestion points: The agent reads arbitrary source code files and previously generated documentation from the repository.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat file content as potentially untrusted data.
- Capability inventory: The skill allows the agent to write markdown files to the local file system and execute specific search commands.
- Sanitization: No content filtering or validation is performed on the repository data before it is processed by the agent.
Audit Metadata