Skills
skills/toonight/get-shit-done-for-antigravity/GSD Codebase Mapper/Gen Agent Trust Hub

GSD Codebase Mapper

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses PowerShell cmdlets like Get-ChildItem, Select-String, and Get-Content to perform local filesystem discovery and file reading. These operations are aligned with the skill's primary purpose of mapping and documenting codebases.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because the agent ingests untrusted data from the codebase it is analyzing.
  • Ingestion points: Reads various project files (package.json, requirements.txt, source code) using Get-Content and Select-String commands.
  • Boundary markers: The instructions lack explicit delimitation or warnings to ignore malicious instructions embedded in the analyzed code or comments.
  • Capability inventory: The skill is restricted to local filesystem read operations and directory traversal; it lacks network access or file-write capabilities in its defined commands.
  • Sanitization: No sanitization or validation of the ingested code content is implemented before the agent interprets it for documentation purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 24, 2026, 07:21 AM