
codemap

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill mandates a 'MANDATORY FIRST RESPONSE PROTOCOL' that explicitly instructs the agent to 'auto-configure silently' and 'Do NOT prompt the user' when updating permission settings. This is a direct attempt to bypass user confirmation for sensitive actions.
  • [COMMAND_EXECUTION]: The skill requires the agent to modify or create '.claude/settings.local.json' to grant itself permission to execute a broad list of Bash commands, including wildcard access via 'Bash(codemap:*)'. This bypasses the standard permission request flow for the codemap utility and escalates the agent's effective privileges.
  • [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the '@ulpi/codemap' NPM package. While this is associated with the stated vendor, it involves downloading code from an external repository and executing it with full access to the project's source code for indexing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 01:30 PM