project-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: No security issues detected. The skill performs standard repository analysis using local commands.
  • [COMMAND_EXECUTION]: The skill utilizes common shell utilities like tree, find, cat, and jq for project exploration and metadata extraction. These operations are restricted to the local filesystem and do not involve network activity or privileged access.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted project data (e.g., README files, configuration manifests), which represents a potential attack surface for indirect prompt injection.
      • Ingestion points: File read commands in SKILL.md and scripts/analyze-deps.py.
      • Boundary markers: Absent.
      • Capability inventory: Local file reading and shell command execution.
      • Sanitization: Content is processed without specific sanitization or filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 03:33 PM