codenavi
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill processes untrusted external codebase content during its reconnaissance phase, which may contain malicious instructions in comments, documentation, or string literals.
- Ingestion points: Local source code files,
.notebook/INDEX.md, and project-specific documentation. - Boundary markers: Absent; the skill does not specify delimiters or system instructions to ignore embedded commands within the analyzed code.
- Capability inventory: The agent is authorized to perform file system write operations, execute
bashcommands, and use built-in code execution tools. - Sanitization: No sanitization or filtering of ingested codebase content is performed before processing.
- [COMMAND_EXECUTION]: The skill instructions explicitly permit the use of powerful system-level tools to perform development tasks.
- Evidence: The 'Summon System' section in
SKILL.mdallows the use of 'Built-in tools' such as 'bash commands' and 'code execution' for implementation and verification, which is appropriate for a development skill but represents a significant capability tier.
Audit Metadata