monorepo-navigator
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill operates by ingesting and interpreting data from untrusted repository files, which constitutes a vulnerability surface for indirect prompt injection.
- Ingestion points: Build manifests (package.json, pyproject.toml, Bazel files, etc.), source code for import scanning, git history/logs, and ownership files (CODEOWNERS).
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat content within these files as literal data or to ignore embedded instructions.
- Capability inventory: The skill requires file system read access and git tool access to perform its functions.
- Sanitization: No input validation, sanitization, or content filtering is specified for the data ingested from the repository files.
- [NO_CODE]: The skill is composed entirely of natural language instructions and metadata in SKILL.md and does not ship with any executable scripts, binaries, or automated installation code.
Audit Metadata