analyze-codebase
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as described, performing local codebase analysis without signs of malicious intent.
- [EXTERNAL_DOWNLOADS]: Fetches the skill definition from the author's own GitHub repository during installation.
- [COMMAND_EXECUTION]: Uses the Bash tool to navigate the project filesystem and manage report directories, which is expected for this utility.
- [PROMPT_INJECTION]: The skill's design involves processing untrusted codebase content with high-capability tools (Bash, Write), presenting a potential surface for indirect prompt injection.
  - Ingestion points: Codebase files and directory structures at the specified analysis path.
  - Boundary markers: Prompts for sub-agents do not include specific delimiters or instructions to ignore embedded directives within the files being analyzed.
  - Capability inventory: Read, Write, Glob, Grep, Bash, and Task (for sub-agent orchestration).
  - Sanitization: No sanitization of code comments or documentation content is performed before synthesis.
Audit Metadata