gsd-map-codebase
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data by analyzing an existing codebase to generate documentation.
- Ingestion points: Analyzes files within the project codebase and accepts user-provided focus areas via
{{GSD_ARGS}}. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined for the analysis phase in the provided skill file.
- Capability inventory: The skill can spawn multiple parallel sub-agents (
gsd-codebase-mapper) and write documentation files to the.planning/codebase/directory. - Sanitization: No explicit sanitization or validation of the codebase content is described before it is processed by the mapping agents.
Audit Metadata