symdex-code-search
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from code repositories, which introduces a surface for indirect prompt injection where malicious instructions embedded in the codebase could influence agent behavior.
- Ingestion points: Untrusted data enters the context through tools such as search_symbols, semantic_search, search_text, get_symbol, get_file_outline, and search_routes (SKILL.md).
- Boundary markers: Absent. The skill provides no delimiters or instructions for the agent to disregard instructions found within the retrieved code snippets.
- Capability inventory: The agent can read full files, extract symbols, and trace call graphs within the repository.
- Sanitization: Absent. Repository content is presented to the agent without filtering or validation.