understand
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands (git, find, mkdir, test) to traverse the local repository and manage analysis state.
- [EXTERNAL_DOWNLOADS]: The skill downloads and builds the '@understand-anything/core' library from the public npm registry using 'pnpm' when it is not already present in the environment.
- [REMOTE_CODE_EXECUTION]: The skill executes local Python and Node.js scripts (e.g., merge-batch-graphs.py, extract-structure.mjs) which are bundled with the skill to perform deterministic data merging and structural analysis.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8):
- Ingestion points: The skill reads arbitrary codebase files, including source code, documentation (README.md), and configuration files (package.json, etc.).
- Boundary markers: The instructions do not explicitly specify delimiters to separate untrusted file content from analysis instructions in all subagent prompts, although it uses structured analysis results.
- Capability inventory: The skill possesses the capability to execute shell commands, write files to the project directory, and perform git operations.
- Sanitization: While it uses specialized parsers to extract structure, the processed text is eventually passed to LLM subagents for architectural review and tour generation.
- [DATA_EXPOSURE]: The skill accesses local project metadata and directory structures to build a comprehensive model of the application architecture, storing results in a local '.understand-anything/' directory.
Audit Metadata