codebase-audit
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill functions as a static analysis and review tool. It does not engage in malicious activities such as data exfiltration, unauthorized command execution, or credential theft. The process is entirely focused on providing code quality and security feedback to the user based on their own files.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes the content of untrusted codebase files during the audit process. \n
- Ingestion points: The audit workflow requires reading source code, configuration files (e.g., package.json, requirements.txt, .env), and documentation within the user's project directory.\n
- Boundary markers: The instructions in references/agent-prompts.md do not utilize specific delimiters or "ignore embedded instructions" warnings to protect the agent from instructions hidden within the analyzed code.\n
- Capability inventory: The skill's capabilities are limited to static code analysis and report generation; it lacks tools for executing arbitrary commands, writing to the filesystem, or initiating network connections.\n
- Sanitization: No explicit sanitization or validation of the ingested file content is performed before the agents process it.
Audit Metadata