quiz
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill instructions and associated reference files follow best practices for codebase analysis tools. Its behavior is limited to gathering configuration, exploring project structure, and generating interactive questions.
- [Indirect Prompt Injection] (SAFE): While the skill ingests untrusted data by reading the codebase, the risk is negligible as it lacks dangerous capabilities like network access or file writing.
  - Ingestion points: SKILL.md (Step 2) reads project structure, key files, and configuration during exploration.
  - Boundary markers: Not explicitly defined in the workflow prompts to separate ingested code from model instructions.
  - Capability inventory: The skill has read-only access to the filesystem and uses AskUserQuestion for interactive UI. It has no capabilities for network requests, shell command execution, or persistent filesystem modifications.
  - Sanitization: The skill does not explicitly sanitize the source code it reads, but its lack of high-privilege sinks mitigates this risk.
Audit Metadata