codebase-audit
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a specialized auditing tool designed to examine codebases for security and quality issues. Its behaviors, including reading files and running diagnostic shell commands, are strictly aligned with its stated purpose of security assessment.
- [SAFE]: Data ingestion is restricted to the local directory being audited. No evidence was found of unauthorized data exfiltration or sensitive information leakage.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it evaluates untrusted source code from the local environment while having access to sensitive tools.
- Ingestion points: Audited project files are processed via the Read, Grep, and Glob tools.
- Boundary markers: The instructions do not define specific markers or ignore directives to differentiate audited data from agent instructions.
- Capability inventory: The skill is granted Bash, WebSearch, and WebFetch tools.
- Sanitization: Content from audited files is passed to the agent without prior sanitization or escaping.
Audit Metadata