code-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests local source code to build a symbol index and dependency graph, which represents a potential surface for indirect prompt injection.
- Ingestion points: lib/parser.js and index.js read content from the scanned project directory.
- Boundary markers: No specific delimiters are used when returning symbol metadata to the agent.
- Capability inventory: Logic is restricted to local file reads, SQLite database management, and CLI output. No dynamic code evaluation or remote network exfiltration capabilities were detected.
- Sanitization: Parsed code symbols and signatures are processed as static metadata.
- [COMMAND_EXECUTION]: The test script test.js uses execSync to run the skill's CLI tools for functional verification within a controlled test directory. This behavior is standard for the skill's self-testing and does not involve untrusted remote execution.