codebase-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection through the codebase files it analyzes.
  - Ingestion points: The skill reads multiple local files, including package.json, pyproject.toml, and various source files in src/ or lib/ (Algorithm Steps 2, 3, and 4).
  - Boundary markers: There are no defined boundary markers or instructions to the agent to ignore instructions contained within the data being read.
  - Capability inventory: The skill possesses file-write capabilities (generating CLAUDE.md) and uses the content of analyzed files to populate templates and suggest build/test commands (Algorithm Step 7).
  - Sanitization: No sanitization or validation of the extracted content is performed before it is used in prompt interpolation or written to disk. An attacker could place malicious instructions in a package.json description or a source code comment to manipulate the generated output.
- [External Downloads] (LOW): The skill performs an automated network request to an external domain not on the trusted list.
  - Evidence: Algorithm Step 5 explicitly directs the use of the WebFetch tool to retrieve data from https://code.claude.com/docs/en/memory.
  - Context: While the domain appears legitimate and relevant to the skill's stated purpose, it falls outside the predefined [TRUST-SCOPE-RULE] whitelist.
Recommendations
- AI detected serious security threats
Audit Metadata