codegraph
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @colbymchenry/codegraph package from the public NPM registry, which is an established and expected service for Node.js development tools.
- [COMMAND_EXECUTION]: The skill utilizes several CLI commands for project initialization, indexing, and querying the code graph. It also provides an automated installation command (codegraph install) that modifies the agent's local configuration files (~/.claude.json and ~/.claude/settings.json) to register the MCP server and grant necessary tool permissions.
- [PROMPT_INJECTION]: The skill processes local repository source code to build its index, creating an indirect prompt injection surface. Malicious content within indexed files could potentially influence agent reasoning when it processes the resulting code snippets or call graph data.
  - Ingestion points: Local source files (e.g., .ts, .go, .rs) read during the indexing phase.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are defined for the data returned by the tools.
  - Capability inventory: The skill executes CLI commands, performs filesystem operations, and manages local SQLite databases.
  - Sanitization: The instructions do not specify any sanitization or validation of the content extracted from the code repository before it is presented to the agent.
- [DATA_EXFILTRATION]: The benchmarking protocol in spike.md instructs the agent to gather system metadata, including kernel version, CPU architecture, and memory/disk usage statistics. This data is intended for local performance reporting and is not transmitted to external domains.
Audit Metadata