codebase-search
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Repository navigation instructions. The skill provides clear and legitimate guidelines for searching codebases using standard tools like ripgrep and ast-grep to identify code definitions and usage.
- [SAFE]: Tool and command usage. The utilization of 'allowed-tools' such as Read, Grep, Glob, and Bash is entirely consistent with the skill's stated purpose of repository search and does not include any suspicious or unauthorized command patterns.
- [PROMPT_INJECTION]: Indirect injection surface. The skill ingests codebase content (untrusted data) via the Read and Grep tools. This represents a potential surface for indirect prompt injection; however, the risk is minimal as the instructions focus on summarizing findings into a search brief rather than executing instructions found within the files. The capabilities are limited to search-related operations, and no sanitization was noted but the usage is contextually safe.
Audit Metadata