codebase-quick-map
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's behavior is consistent with its stated purpose of architectural mapping. Analysis confirms there are no network operations, credential exposures, or attempts to execute external code. All operations are localized to the user's project directory.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
  1. Ingestion points: Reads and analyzes various source and configuration files across the entire codebase.
  2. Boundary markers: Absent; there are no specific instructions or delimiters used to prevent the agent from obeying instructions hidden within the analyzed files.
  3. Capability inventory: The skill can write to the local filesystem (specifically creating the .dev/QUICK-MAP.md file).
  4. Sanitization: No validation or filtering is applied to the ingested codebase content.

  The risk is considered low because the agent's output is restricted to generating documentation.
Audit Metadata