codebase-to-course

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions mandate reading sensitive codebase files, including "package/config files", "schemas", and "deployment files". As the agent is encouraged to use "actual code snippets from the target project" in the generated course, there is a potential risk of exposing environment configurations, infrastructure details, or hardcoded secrets in the resulting HTML modules.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external repositories.
      • Ingestion points: The skill reads README files, source code, and configurations from the target codebase (SKILL.md).
      • Boundary markers: No explicit instructions are provided to use delimiters or ignore embedded instructions when reading codebase content.
      • Capability inventory: The skill has the capability to read local files, clone remote repositories, and write new files to the workspace.
      • Sanitization: There are no documented steps for sanitizing or escaping content from the analyzed codebase before it is included in the generated course.
  • [EXTERNAL_DOWNLOADS]: The skill clones GitHub repositories provided by the user to a temporary or workspace path for analysis.
  • [COMMAND_EXECUTION]: The skill performs git operations to clone repositories when a URL is supplied as the target codebase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 02:30 PM