codebase-study-guide
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill's workflow (Step 2) explicitly instructs the agent to investigate 'Configuration' files, specifically mentioning 'env vars' and 'config files'. While intended for understanding system behavior, this creates a risk of sensitive credentials (API keys, database strings) being extracted from .env files and included in the final generated study guide document.
- Indirect Prompt Injection (LOW): The skill has a high surface area for indirect injection.
  - Ingestion points: The agent is directed to read README, CLAUDE.md, architecture docs, ADRs, and inline comments from an 'unfamiliar codebase'.
  - Boundary markers: None are specified; the agent treats all content as data for the guide.
  - Capability inventory: The agent can read files, write the study guide to the filesystem, and is encouraged to 'Run' and 'Modify' code as part of the PRIMM learning framework.
  - Sanitization: No sanitization of ingested comments or documentation is performed before processing.
- Dynamic Execution (LOW): The suggested pedagogical framework (PRIMM) and the 'Testing Strategy' section (Step 8) encourage the agent to 'Run the test suite' and 'Modify [the function] to also [Y] and run the tests'. This involves executing code from the analyzed codebase, which could be malicious if the codebase itself is untrusted.
Audit Metadata