pathfinder
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as an architectural orchestrator that maps features and identifies logic duplication through static analysis of local repository files.
- [SAFE]: No security concerns such as credential exposure, network exfiltration, or remote code downloads were identified within the skill instructions.
- [SAFE]: The skill's operations are limited to reading repository source code and writing markdown documentation artifacts to a designated directory (
PATHFINDER-<YYYY-MM-DD>/). - [SAFE]: Indirect prompt injection surface analysis: (1) Ingestion points: Reads local README, CLAUDE.md, and source code files. (2) Boundary markers: Enforces a 'Subagent Reporting Contract' requiring exact file paths and line ranges for all data. (3) Capability inventory: Restricted to repository file reads and writing documentation. (4) Sanitization: Relies on structured output formatting and human review of generated prompts before further action.
Audit Metadata