cartographer
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function is to manage codebase documentation within the project's local memory directory. No suspicious behavior such as network exfiltration, credential theft, or unauthorized command execution was found.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by recording codebase findings that are later used in subagent instructions.
- [PROMPT_INJECTION]: Ingestion points: The Cartographer Recorder extracts findings from source code files and traces call chains (recorder-prompt.md).
- [PROMPT_INJECTION]: Boundary markers: Data is stored in Markdown files with clear headers, but lacks hard-coded safety delimiters when re-injected.
- [PROMPT_INJECTION]: Capability inventory: The skill performs filesystem read/write operations and dispatches subagents with the stored context.
- [PROMPT_INJECTION]: Sanitization: No explicit sanitization of codebase strings is performed before storage.
Audit Metadata