cartographer
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill manages internal documentation within a project-specific memory directory (~/.claude/projects//memory/cartographer/). This behavior is standard for the tool's intended purpose and does not access sensitive user credentials or system files.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading and reusing documentation content generated from the codebase. Ingestion points: The skill reads files including map.md, conventions.md, and modules/*.md from the memory directory. Boundary markers: Content is interpolated into subagent prompts without explicit delimiters or escaping instructions. Capability inventory: Orchestrator reads the memory files and dispatches Implementer, Reviewer, and Investigator subagents with the retrieved context. Sanitization: There is no explicit sanitization or validation of the documentation content before it is processed by subagents, allowing potential codebase-level instructions to reach the agent context.
Audit Metadata