project-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface through the ingestion and processing of untrusted codebase content.\n
- Ingestion points: The agent analyzes and scans all files within a user-specified project directory to generate documentation (SKILL.md).\n
- Boundary markers: There are no explicit delimiters or instructions provided to the subagent to ignore embedded commands or instructions found within the analyzed files.\n
- Capability inventory: The skill utilizes directory scanning, language/framework detection, the Task tool, and the ast-grep tool to inspect and interpret the codebase.\n
- Sanitization: No sanitization, escaping, or content validation is implemented for the data ingested from the project files before it is processed by the AI agent.
Audit Metadata