QE Code Intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary functions are focused on legitimate code intelligence tasks such as building knowledge graphs and performing semantic searches.
- [PROMPT_INJECTION]: The skill processes untrusted content from local source code files, creating a potential surface for indirect prompt injection if those files contain malicious instructions.
- Ingestion points: TypeScript files in the `src/` directory are read during indexing and search operations in `SKILL.md`.
- Boundary markers: No explicit boundary markers or instructions to disregard embedded content are used in the search or indexing tasks.
- Capability inventory: The skill uses the `aqe` CLI tool, which includes capabilities for indexing, searching, and exporting graph data to local files (e.g., `codebase.dot` via `aqe kg export`) as shown in `SKILL.md`.
- Sanitization: There is no evidence of sanitization or filtering applied to the retrieved code or metadata before it is presented to the agent.
Audit Metadata