monorepo-navigator

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill operates by ingesting and interpreting data from untrusted repository files, which constitutes a vulnerability surface for indirect prompt injection.
  • Ingestion points: Build manifests (package.json, pyproject.toml, Bazel files, etc.), source code for import scanning, git history/logs, and ownership files (CODEOWNERS).
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat content within these files as literal data or to ignore embedded instructions.
  • Capability inventory: The skill requires file system read access and git tool access to perform its functions.
  • Sanitization: No input validation, sanitization, or content filtering is specified for the data ingested from the repository files.
  • [NO_CODE]: The skill is composed entirely of natural language instructions and metadata in SKILL.md and does not ship with any executable scripts, binaries, or automated installation code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 07:33 PM
Security Audit — agent-trust-hub — monorepo-navigator