map
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/symbol_map.pyexecutesgitandfindcommands to locate source files within the project directory. - Evidence: Calls to
subprocess.runoccur in therun_commandfunction withinscripts/symbol_map.py. - Context: The commands are executed as lists without a shell environment (
shell=False), which prevents shell injection, and patterns are derived from internal configuration. - [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection (Category 8) due to its processing of untrusted project data.
- Ingestion points: The script
scripts/symbol_map.pyreads the contents of various source files (TS, JS, Python, Rust, Go) to extract symbol names. - Boundary markers: While the extracted data is presented in Markdown tables, there are no instructions for the agent to ignore or sanitize instructions that might be embedded within symbol names (e.g., a function name containing injection patterns).
- Capability inventory: The skill performs file system reads, writes to a local maps directory, and executes discovery commands (
git,find). - Sanitization: No sanitization or escaping is performed on the extracted symbol names before they are interpolated into the final markdown report.
Audit Metadata