code-path-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the project's filesystem.
  - Ingestion points: The skill reads file contents and directory listings across the project based on user-provided paths (SKILL.md).
  - Boundary markers: There are no instructions to use delimiters or "ignore instructions" blocks when the agent processes file content (SKILL.md).
  - Capability inventory: Includes file reading, recursive directory traversal (Glob), and project-wide searching (Grep) (SKILL.md).
  - Sanitization: No sanitization or filtering of file content is specified before analysis (SKILL.md).
Audit Metadata