lcs-codebase-doc
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the host shell and a bundled Python script to perform environment setup and repository analysis.
- The instructions direct the agent to create directories using
mkdirorNew-Itemdepending on the operating system. - The skill executes a local script
scripts/scan.pyto aggregate project metadata, identify languages, and find documentation markers. scripts/scan.pyutilizessubprocess.check_outputto executegit logand identify high-churn files. The implementation uses a list of arguments and avoidsshell=True, following secure coding practices.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the repository being documented.
- Ingestion points: The agent reads the output of the
scan.pyscript (.lcs/codebase/.codebase-scan.txt) and performs direct inspection of source files and manifests during Phase 2. - Boundary markers: No specific delimiters or "ignore instructions" warnings are utilized when the agent interpolates file content into its context.
- Capability inventory: The agent has the capability to write files, create directories, and execute the bundled Python analysis script.
- Sanitization: No sanitization or filtering of the repository's content is performed before processing. However, the skill explicitly instructs the agent to document only variable names and never expose actual secrets from environment files.
Audit Metadata