Skills
skills/pedronauck/kodebase-go/kodebase/Gen Agent Trust Hub

kodebase

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing the kodebase and qmd CLI tools to analyze repositories and search generated vaults.
  • [EXTERNAL_DOWNLOADS]: The instructions require the installation of a third-party package @tobilu/qmd from the npm registry to enable full search and indexing functionality.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted source code and provides snippets or diagnostics back to the agent.
  • Ingestion points: The kodebase generate command scans and parses all supported language files within the user-specified repository path.
  • Boundary markers: The documented output schemas for command results do not specify the use of delimiters or 'ignore' instructions to isolate source code content from agent logic.
  • Capability inventory: The agent has the ability to execute shell commands via the kodebase and qmd binaries.
  • Sanitization: There is no evidence of content sanitization or filtering applied to source code snippets before they are presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 02:54 PM