codebase-scanning
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze content from untrusted codebase files, creating a vulnerability surface for indirect prompt injection where malicious instructions could be embedded in manifest files or source code.\n
- Ingestion points: The agent is instructed to read various project files across the entire repository, including package manifests (e.g., package.json, requirements.txt, build.gradle) and source code (routes, components, views) to extract context.\n
- Boundary markers: The instructions do not define specific delimiters or include warnings for the agent to ignore instructions found within the scanned data.\n
- Capability inventory: The skill utilizes file system read capabilities to perform scans and is instructed to use a 'Write' tool to save validated findings back to the codebase.\n
- Sanitization: There are no requirements for sanitizing or validating the content extracted from the scanned files before processing by the LLM.
Audit Metadata