extract

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local Python script (extractor.py) to perform Abstract Syntax Tree (AST) extraction on a target directory. This is a standard operation for its described purpose of codebase analysis.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it processes untrusted data from an external codebase. Malicious instructions embedded in code comments or strings could potentially influence the AI's enrichment phase.
    • Ingestion points: All files in the target codebase directory.
    • Boundary markers: None identified.
    • Capability inventory: Execution of local Python scripts and writing results to the local filesystem.
    • Sanitization: No sanitization or filtering of the codebase content is specified.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:26 PM