codebase-documenter
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it is designed to ingest and process external, potentially untrusted codebase content.
  - Ingestion points: The agent uses tools such as `Read`, `Glob`, and `Grep` to access files throughout the directory structure.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within the code or comments of the files it reads.
  - Capability inventory: The agent has access to powerful tools including `Bash`, `Write`, `Edit`, and `mcp__ide__executeCode`, which could be exploited if the agent obeys instructions found in the analyzed data.
  - Sanitization: No sanitization or validation logic is present to filter out or escape instructions found in the codebase.
- [COMMAND_EXECUTION]: The agent is configured with `Bash` and `mcp__ide__executeCode` capabilities. These are intended for structural analysis and quality assurance (verifying setup commands), but they allow for arbitrary code execution within the environment where the agent is running.
Audit Metadata