project-scan

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by scanning external, potentially attacker-controlled files within a repository to generate or update project documentation.
  • Ingestion points: Processes various project configuration and source files (e.g., go.mod, package.json, pom.xml, README.md) listed in references/scan-checks.md to identify technology stacks and project structures.
  • Boundary markers: Employs <!-- AUTO:* --> markers as defined in references/agents-blocks.md to separate generated content from manual documentation, though the generated content itself is derived from external data.
  • Capability inventory: Authorized to write and update documentation files (AGENTS.md, README.md) in the repository root and initialize a .codex/ directory structure.
  • Sanitization: No explicit technical sanitization or escaping of scanned data is described. However, the instructions require the agent to seek user confirmation before overwriting existing content and to mark unverified data as 'to be confirmed'.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 03:34 AM
Security Audit — agent-trust-hub — project-scan