mapping-codebases
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it extracts text from untrusted source code and displays it to the agent in the generated _MAP.md files.
- Ingestion points: The scripts/codemap.py file reads source code from the local filesystem to identify symbol names, signatures, and headings.
- Boundary markers: Extracted symbols are formatted as Markdown bold text and backticks, which may not prevent an agent from executing embedded instructions.
- Capability inventory: The script performs file read and write operations within the target directory; it lacks network access and does not require elevated permissions.
- Sanitization: The tool does not sanitize or validate extracted text for potential injection patterns before generating the maps.
- [COMMAND_EXECUTION]: The skill requires the agent to execute a Python script (scripts/codemap.py) to analyze the repository and create the mapping files.
- [EXTERNAL_DOWNLOADS]: The installation process involves downloading the tree-sitter-language-pack from the official Python Package Index (PyPI), which is a well-known and trusted package registry.
Audit Metadata