codebase-advisor
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a read-only advisor, preventing direct modification of the source code it audits.
- [PROMPT_INJECTION]: The skill contains defensive instructions to prevent indirect prompt injection by explicitly telling the agent to treat repository content as untrusted data and ignore embedded commands. Static detector flags for 'ignore previous instructions' are confirmed as false positives, as these strings appear within protective guidelines rather than as malicious overrides.
- [DATA_EXFILTRATION]: Hard Rule 4 prevents the exposure of credentials and secrets by requiring the agent to reference their locations and types only, rather than the values themselves.
- [COMMAND_EXECUTION]: Command usage is restricted to standard, read-only audit tools (e.g., npm audit), and any plan execution is delegated to isolated subagents in disposable worktrees to maintain host environment integrity.
Audit Metadata