map-project
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Employs common local shell utilities like `ls`, `find`, `grep`, and `wc` to analyze the project's file structure and content. These commands are used strictly for local discovery and documentation purposes.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface because it requires the agent to ingest and analyze arbitrary content from the project codebase, which could include untrusted instructions in comments or code.
  - Ingestion points: Project source files (models, controllers, routes, etc.) identified through various search commands defined in the discovery phases.
  - Boundary markers: Absent; the instructions do not specify any delimiters to separate the codebase data from the agent's internal reasoning or instructions.
  - Capability inventory: Terminal access for running discovery commands and writing documentation files to the local disk.
  - Sanitization: No sanitization or validation of the ingested code content is performed before the agent processes it.
- [SAFE]: No evidence of network exfiltration, remote code execution, or credential theft was found. The use of emphatic instructional language is a technique to ensure task adherence and does not attempt to subvert AI safety controls.