explore
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill interpolates user-provided topics ($ARGUMENTS) and content from the local codebase directly into sub-agent prompts. * Ingestion points: User-provided query and codebase files read via Read or Grep tools. * Boundary markers: Rules such as exploration-agents.md include instructional constraints like 'Scope: ONLY read files directly relevant... Do NOT explore the entire codebase'. * Capability inventory: Access to Bash, Read, Grep, and TaskCreate tools. * Sanitization: None; untrusted content is interpolated directly into system instructions for sub-agents.
- [Command Execution] (SAFE): The skill executes a bundled script 'scripts/dependency-mapper.sh' using the Bash tool. * Analysis: The script performs static analysis using standard shell utilities (find, grep, sort) to identify import patterns and coupling. It does not perform network operations or attempt privilege escalation.
Audit Metadata