codebase-analysis

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection due to its handling of untrusted data from the analyzed repository.
  • Ingestion points: The skill reads all files within the repository, including source code comments, header files, and documentation as specified in sections 1, 2, and 3 of SKILL.md.
  • Boundary markers: There are no explicit instructions or delimiters used to ensure that the LLM treats the contents of the scanned files strictly as data or ignores any embedded instructions.
  • Capability inventory: The skill is authorized to write local files, specifically generating .autonomousguy/CODEBASE_MAP.md and HTML reports in the analysis/ directory.
  • Sanitization: No sanitization or escaping mechanisms are defined for content extracted from the codebase before it is interpolated into the HTML report template (references/html-report-template.html) or the Markdown map.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 10:47 AM
Security Audit — agent-trust-hub — codebase-analysis