codebase-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation explicitly instructs users to bypass security sandboxes using the 'dangerouslyDisableSandbox: true' setting. This configuration removes critical isolation layers that protect the host system from potentially malicious actions or instructions encountered during the analysis process.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by design as it ingests and processes content from untrusted external codebases.
    • Ingestion points: All project files and directory structures analyzed by the 'codebase_investigator' tool.
    • Boundary markers: Absent. No explicit delimiters or instructions are provided to distinguish between analyzed data and agent instructions.
    • Capability inventory: The 'codebase_investigator' tool has the capability to read files and map project-wide dependencies.
    • Sanitization: Absent. The skill processes the raw content of the codebase without filtering or validating it for malicious instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 28, 2026, 04:05 AM