project-map-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution] (SAFE): The skill utilizes common system utilities like rg (ripgrep) and Get-ChildItem (PowerShell) to list files. These commands are used strictly for the intended purpose of mapping the directory structure and do not involve arbitrary or unsanitized input execution.
- [Data Exposure] (SAFE): The skill accesses local file paths and reads file contents. However, it incorporates a safety rule requiring the user to define the scope, and it lacks any network-facing capabilities, preventing data exfiltration.
- [Indirect Prompt Injection] (LOW): The skill processes data from existing local files and documentation. While it lacks explicit boundary markers for this data, the risk is mitigated by the tool's limited scope and the absence of high-risk capabilities like network access or privilege escalation.
  - Ingestion points: Reads PROJECT_MAP.md and user-specified 'key files'.
  - Boundary markers: Absent.
  - Capability inventory: File system read and write (restricted to PROJECT_MAP.md).
  - Sanitization: Absent.