codebase-summarizer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill lacks security boundaries when processing repository content. Malicious instructions placed in source files, READMEs, or comments could be interpreted as commands by the AI agent.
  Evidence Chain:
  1. Ingestion points: Recursive repository scanning (SKILL.md: Core Workflow).
  2. Boundary markers: Absent; no delimiters or 'ignore' instructions are used to wrap external content.
  3. Capability inventory: Writing to the file system (SKILL.md: 'Creates ARCHITECTURE.md') and potentially executing shell commands for migrations or testing as outlined in the guides.
  4. Sanitization: Absent; no filtering or escaping of scanned content is specified.
Recommendations
- AI detected serious security threats
Audit Metadata