explore-codebase
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution] (SAFE): The skill is configured to use industry-standard tools (rg, fd, sg) via the Bash tool specifically for codebase exploration. All provided examples and documentation align with legitimate developer workflows for finding and tracing code.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, credentials, or unauthorized network operations were found. The tool functions strictly on local data provided to the agent for analysis.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to ingest and process untrusted codebase data (Category 8 surface), this is its primary intended function. The instructions do not facilitate the execution of instructions found within that data, and the capability tier is limited to search operations.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyph-based evasion techniques were identified in any of the skill files.
Audit Metadata