codebase-singularity
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill possesses a surface for indirect prompt injection from codebase content, which is intrinsic to its primary function of code analysis.
  1. Ingestion points: SKILL.md (Quick start steps) reads README and repo entry points.
  2. Boundary markers: Absent.
  3. Capability inventory: The skill utilizes file reading, writing (patches), and shell command execution.
  4. Sanitization: Absent.
- Command Execution (SAFE): Running user-provided validation commands (lint, test) is a standard developer function.
- External Downloads (SAFE): No remote scripts or external packages are used.
Audit Metadata