mb-map-codebase

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its primary function is to scan and synthesize content from an existing repository. Malicious instructions placed within the repository's code or documentation could attempt to manipulate the agent's synthesis process.
      • Ingestion points: Code and documentation files throughout the repository.
      • Boundary markers: No specific delimiters or "ignore instructions" markers are established for the input data.
      • Capability inventory: Spawns sub-agents, creates and modifies documentation files within the .memory-bank/ and .protocols/ directories.
      • Sanitization: No content filtering or validation is specified before the scanned data is processed.
  • [COMMAND_EXECUTION]: The workflow relies on the execution of specific local management commands including mb-init, mb-sync, mb-from-prd, and mb-review. These commands are integral to the documentation system's state management and synchronization.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 05:50 AM