explain-code
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a prompt template for formatting code summaries and does not exhibit any malicious behaviors such as obfuscation, persistence, or privilege escalation.
- [PROMPT_INJECTION]: The skill processes user-provided code and diffs, which represents an indirect prompt injection surface. However, the risk is negligible as the skill lacks access to tools or execution environments.
  - Ingestion points: Processes 'user-scoped code' and 'unstaged diff' as specified in `SKILL.md` and `agents/openai.yaml`.
  - Boundary markers: Absent; the instructions do not provide specific markers to isolate the analyzed code from the agent instructions.
  - Capability inventory: No capabilities are enabled; the skill explicitly sets `disable-model-invocation: true` in the frontmatter and lists no `allowed-tools`.
  - Sanitization: None; the skill does not perform validation or escaping of the code content.
- [DATA_EXFILTRATION]: The instructions include a security guardrail ('Do not include... secrets') to prevent the accidental display of credentials found within the code being explained.
Audit Metadata