index-folder
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates locally and includes checks to prevent directory traversal by validating that paths are within the project root. It also excludes hidden files and sensitive directories like .git and node_modules.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and parses untrusted local files (Markdown, JSON) to extract metadata. Malicious content in these files could potentially influence the resulting index. Evidence: The skill uses the Read tool to ingest file content and extract titles, topics, and phases without explicit sanitization of the content before indexing.
Audit Metadata