codebase-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection due to its handling of untrusted data from the analyzed repository.
- Ingestion points: The skill reads all files within the repository, including source code comments, header files, and documentation as specified in sections 1, 2, and 3 of SKILL.md.
- Boundary markers: There are no explicit instructions or delimiters used to ensure that the LLM treats the contents of the scanned files strictly as data or ignores any embedded instructions.
- Capability inventory: The skill is authorized to write local files, specifically generating .autonomousguy/CODEBASE_MAP.md and HTML reports in the analysis/ directory.
- Sanitization: No sanitization or escaping mechanisms are defined for content extracted from the codebase before it is interpolated into the HTML report template (references/html-report-template.html) or the Markdown map.
Audit Metadata