project-indexer
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- SAFE (SAFE): The skill consists entirely of Markdown templates and natural language instructions. There are no executable scripts (.py, .js, .sh) or binary files included.
- DATA_EXPOSURE (SAFE): The skill's functionality involves reading the local codebase and writing to a
.claude-index/directory. No network operations (e.g., curl, fetch) or data exfiltration patterns were detected. - PROMPT_INJECTION (SAFE): The instructions in the README are standard operational guidelines for the agent and do not contain bypass markers, role-play injections, or attempts to extract system prompts.
- INDIRECT_PROMPT_INJECTION (SAFE): As a project indexer, the skill ingests local code files (untrusted data). While this is an attack surface, the risk is mitigated as the skill does not execute the processed content, and the resulting index is intended for the agent's own context management.
Audit Metadata