ai-codebase-deep-modules

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to analyze and process existing codebase files, which are inherently untrusted sources.
  • Ingestion points: According to SKILL.md, the agent is instructed to inspect repository files such as 'package.json', 'pyproject.toml', and various source directories to build a 'Module Map'.
  • Boundary markers: The skill instructions do not provide delimiters or specific guidelines for the agent to isolate content from these files, which could lead to the agent following embedded instructions within the processed data.
  • Capability inventory: The skill is equipped with a Python script capable of creating and writing to files on the local filesystem.
  • Sanitization: There is no evidence of sanitization or validation of the codebase content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill includes a functional Python script ('scripts/scaffold_deep_module.py') for the agent to execute to generate project structures.
  • Evidence: This script uses the 'pathlib' library to perform filesystem operations, including directory creation and writing new source files. While functional, the script lacks validation for the '--name' parameter, potentially allowing path traversal if the agent provides a malicious path.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 11:25 AM