codebase-scanning
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious instructions, hardcoded credentials, or obfuscated content were detected in the skill files.
- [NO_CODE]: The skill package is composed entirely of markdown documentation and data schemas, with no accompanying scripts or executable files.
- [PROMPT_INJECTION]: The skill defines a codebase scanner that ingests untrusted data, creating a surface for indirect prompt injection. Mandatory Evidence Chain: (1) Ingestion points: codebase manifests (package.json, build.gradle) and source files; (2) Boundary markers: absent; (3) Capability inventory: file system reading and attribute extraction; (4) Sanitization: none mentioned. This surface is inherent to the scanning function and is assessed as safe.
Audit Metadata