Skills
skills/pjt222/development-guides/analyze-codebase-workflow/Gen Agent Trust Hub

analyze-codebase-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard shell commands such as find, sed, sort, and uniq to analyze the repository structure, count file extensions, and assess language coverage.
  • [PROMPT_INJECTION]: The skill ingests and analyzes content from arbitrary external codebases using the put_auto() engine. This creates a surface for indirect prompt injection, where malicious instructions hidden in the source code or comments of the analyzed project could attempt to influence the agent's behavior or bias the generated annotation plan.
  • Ingestion points: put_auto() scans all source files in the target directory (e.g., ./src/).
  • Boundary markers: None identified in the provided R scripts to isolate the analyzed code from the agent's execution context.
  • Capability inventory: The agent has permissions for Read, Write, Edit, Bash, Grep, and Glob operations.
  • Sanitization: No explicit sanitization or filtering of the analyzed source code content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 08:06 PM