explore
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a structured multi-agent workflow for codebase exploration using platform-native tools such as Task, Grep, Glob, and MCP memory nodes. All orchestration logic is consistent with the stated purpose of analyzing repositories.
- [SAFE]: No evidence of hardcoded credentials or sensitive file access (e.g., SSH keys, AWS configs) was found. The skill operates within the repository's source directories and its own state files in .claude/chain/.
- [SAFE]: The included utility script 'scripts/dependency-mapper.sh' uses standard Unix utilities (find, grep, sort, uniq) to perform static analysis of import statements. It does not execute the code it analyzes or perform dangerous system operations.
- [SAFE]: While the skill's multi-agent exploration process (Category 8) involves reading and interpreting repository content that could contain indirect prompt injections, this is a fundamental requirement for its primary purpose. The skill uses structured prompts and defined subagent roles to mitigate risks associated with processing untrusted code content.
- [SAFE]: The PreToolUse hook references a local plugin script for indexing repository structure, which is a standard performance optimization for large codebases and does not involve external downloads or remote code execution.
Audit Metadata