codebase-summarizer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill analyzes untrusted repository content, which creates a surface for indirect prompt injection attacks where malicious instructions in codebase files could influence agent behavior.
      • Ingestion points: The 'Core Workflow' describes a recursive scan of the folder tree and file organization in the project directory.
      • Boundary markers: No delimiters or explicit instructions are provided to help the agent distinguish between its documentation task and instructions found within the code files.
      • Capability inventory: The skill is capable of writing documentation files (e.g., ARCHITECTURE.md).
      • Sanitization: No mechanism is mentioned for filtering or sanitizing instructions embedded in the ingested data.
  • Data Exposure (LOW): The skill identifies and documents configuration files like .env.example and lib/db.ts. There is a secondary risk that a recursive scan could inadvertently include sensitive information from actual environment variables or database connection strings in the generated reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:50 PM