codebase-summary
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script (
validate-summary.cjs) provided within its directory to perform structural validation on the generated JSON artifacts. - [CREDENTIALS_UNSAFE]: The analysis instructions (ANALYSIS.md) direct agents to inspect sensitive configuration sources, including environment variables (
.env), connection strings, and platform manifests to accurately map the project's architecture. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from untrusted external codebases to generate its technical summary.
- Ingestion points: Processes all source files, lockfiles, and configuration files within the target codebase directory (ANALYSIS.md).
- Boundary markers: Absent; instructions do not utilize delimiters to isolate codebase content from the analysis prompts.
- Capability inventory: Performs file writes (SUMMARY.md, summary.json) and executes the
nodecommand for validation (SKILL.md). - Sanitization: None identified; agents are instructed to report verified findings directly from the source code.
Audit Metadata