repo-map
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads arbitrary repository files, creating a surface for indirect prompt injection if those files contain malicious instructions. \n
- Ingestion points:
scripts/find-in-repo.shand ripgrep search examples. \n - Boundary markers: None; search output is returned as raw text without delimiters. \n
- Capability inventory: Filesystem read access and execution of internal scripts via
bun(as referenced inassets/repo-notes.md). \n - Sanitization: No sanitization of the search results or patterns is performed. \n- [Command Execution] (SAFE): The use of
ripgrepvia a local bash script is a standard development practice for code navigation and is consistent with the skill's purpose.
Audit Metadata