vm-codebase-indexer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to install required Python packages and run the indexing and search scripts. These operations are essential for the skill's functionality and include a mandatory user confirmation step.
- [EXTERNAL_DOWNLOADS]: Upon the first execution, the sentence-transformers library downloads the all-MiniLM-L6-v2 embedding model from Hugging Face, which is a well-known service for machine learning models.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it indexes and retrieves content from arbitrary source code files. There is a risk that malicious instructions embedded in those files could influence the agent's behavior when it processes search results.
  1. Ingestion points: The scripts/index.py file reads content from source files within the codebase path provided by the user.
  2. Boundary markers: No specific delimiters are used in the search results to separate code content from instructions.
  3. Capability inventory: The skill allows the agent to execute subprocesses for package installation and Python script execution.
  4. Sanitization: No content sanitization is performed on the indexed files beyond filtering by file extension and size.
Audit Metadata