skills/knoopx/pi/codemapper/Gen Agent Trust Hub

codemapper

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions utilize the 'cm' utility to perform various code analysis tasks such as mapping project structure, searching for symbols, and tracing dependencies.
  • [PROMPT_INJECTION]: A vulnerability surface for indirect prompt injection exists.
      • Ingestion points: The agent reads potentially untrusted data from local source code through commands like cm query --show-body and cm map (SKILL.md).
      • Boundary markers: None identified in the skill instructions to delimit analyzed code from agent instructions.
      • Capability inventory: The skill has the capability to execute filesystem analysis commands (cm) across the project.
      • Sanitization: There are no documented sanitization or filtering steps to prevent the agent from following instructions embedded within comments or strings in the analyzed source code.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 12:37 PM