encode-repo-serena
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted codebase data to populate a knowledge base, which presents an indirect prompt injection surface.
- Ingestion points: Source code and documentation are read in references/phases.md using mcp__plugin_serena_serena__read_file and mcp__plugin_serena_serena__search_for_pattern.
- Boundary markers: There are no explicit instructions or delimiters defined to separate codebase content from agent instructions during the encoding process.
- Capability inventory: The skill uses execute_forgetful_tool to create, update, and delete memories and entities based on the processed data.
- Sanitization: Content extracted from the codebase is interpolated directly into knowledge base tools without validation or sanitization.
Audit Metadata