Skills
skills/agent-sh/agentsys/repo-mapping/Gen Agent Trust Hub

repo-mapping

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted source code from the repository to generate its map.
  • Ingestion points: Local repository source files are scanned using ast-grep (SKILL.md).
  • Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded within the codebase being parsed.
  • Capability inventory: The skill executes ast-grep, map-validator, and writes data to local state directories like .claude/repo-map.json (SKILL.md).
  • Sanitization: Absent; while AST parsing focuses on code structure, embedded instructions in comments or string literals could potentially influence subsequent agent reasoning when the map is referenced.
  • [COMMAND_EXECUTION]: The skill requires the execution of external CLI tools (ast-grep and map-validator) to function. The instructions explicitly state that these tools should only be run or installed with user consent, which is a security best practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 07:31 PM
Security Audit — agent-trust-hub — repo-mapping