codebase-summary

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script (validate-summary.cjs) provided within its directory to perform structural validation on the generated JSON artifacts.
  • [CREDENTIALS_UNSAFE]: The analysis instructions (ANALYSIS.md) direct agents to inspect sensitive configuration sources, including environment variables (.env), connection strings, and platform manifests to accurately map the project's architecture.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from untrusted external codebases to generate its technical summary.
  • Ingestion points: Processes all source files, lockfiles, and configuration files within the target codebase directory (ANALYSIS.md).
  • Boundary markers: Absent; instructions do not utilize delimiters to isolate codebase content from the analysis prompts.
  • Capability inventory: Performs file writes (SUMMARY.md, summary.json) and executes the node command for validation (SKILL.md).
  • Sanitization: None identified; agents are instructed to report verified findings directly from the source code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 06:35 PM
Security Audit — agent-trust-hub — codebase-summary