map-codebase
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill functions as intended for codebase documentation, performing analysis of local source files and writing architectural reports to the project's .turbo/ directory.
- [COMMAND_EXECUTION]: Utilizes file system globbing to identify source files for analysis, incorporating standard exclusions for build and dependency directories like node_modules and dist.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted codebase content during analysis.
  1. Ingestion points: Reads source files identified in the scoping phase (SKILL.md).
  2. Boundary markers: No explicit delimiters or warnings to ignore instructions within the code were identified.
  3. Capability inventory: Launches sub-agents and writes report files to the filesystem (SKILL.md).
  4. Sanitization: No sanitization or validation of the ingested code content is performed before processing.
Audit Metadata