codebase-recon
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to analyze external codebase data, creating a surface for indirect prompt injection where malicious instructions in the analyzed files could influence agent behavior.
- Ingestion points: The skill reads file contents, git history, commit messages, and external documentation URLs.
- Boundary markers: No specific delimiters or 'ignore' instructions are defined to separate untrusted data from agent commands.
- Capability inventory: The skill uses file reading, directory searching, git log access, and web research.
- Sanitization: There is no evidence of content validation or instruction filtering before processing the codebase data.
Audit Metadata