analyze-codebase-for-mcp
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes content from arbitrary external codebases that may contain malicious instructions designed to manipulate the agent.
- Ingestion points: Content is read from a user-provided codebase path using `Glob`, `Grep`, and `Read` tools (SKILL.md).
- Boundary markers: There are no boundary markers or instructions to ignore instructions embedded within the analyzed source code files to prevent accidental execution of commands found in documentation or comments.
- Capability inventory: The skill has access to `Bash`, `Grep`, `Glob`, and `Read` tools, and it generates/writes files (`mcp-tool-spec.yml`) to the local filesystem based on analyzed content (SKILL.md).
- Sanitization: No sanitization or validation of the ingested code content is performed before the agent processes and uses it to draft tool specifications.
Audit Metadata