gsd-map-codebase
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local codebase to generate its analysis. If a codebase contains maliciously crafted instructions (e.g., hidden in comments, READMEs, or string literals), they could influence the behavior or output of the mapper agents.
  - Ingestion points: Codebase files read via the Read, Glob, and Grep tools.
  - Boundary markers: None identified in the process description.
  - Capability inventory: Includes the Bash, Write, and Task tools, which allow for file modification and command execution.
  - Sanitization: No explicit sanitization or validation of the codebase content is mentioned before processing.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to create directory structures and potentially perform analysis. While this is consistent with the stated purpose of codebase mapping, it grants the agent significant control over the local environment.
Audit Metadata