code-explore
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill logic is entirely focused on codebase exploration and does not contain any instructions to bypass safety filters or perform unauthorized actions.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard search commands such as Grep to identify controllers, services, and configuration items. This functionality is restricted to the local filesystem and is appropriate for the skill's purpose.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface because it reads and analyzes untrusted code from the user's project. However, it does not demonstrate any malicious behavior or attempts to override agent instructions. Evidence: 1. Ingestion points: The Read, Grep, and Glob tools are used in SKILL.md and search-patterns.md to ingest file content. 2. Boundary markers: No explicit boundary markers or 'ignore' instructions are used when reading files. 3. Capability inventory: The skill has access to the Bash tool for command execution. 4. Sanitization: No sanitization of the codebase content is performed before processing.
Audit Metadata