architect-reviewer

Pass

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted content from project files. Malicious instructions embedded in code comments or configuration files within the analyzed project could attempt to subvert the agent's architectural review.
      • Ingestion points: All analytical scripts (e.g., scripts/analyze_patterns.py) recursively read content from a user-provided project directory.
      • Boundary markers: None; the scripts read raw file contents and pass summarized findings to the agent without delimitation or instructions to ignore embedded commands.
      • Capability inventory: The scripts are limited to file system read access. No network operations, file writing, or subprocess execution was detected.
      • Sanitization: None; input is analyzed as raw text.
  • Dependency Concerns (LOW): The scripts analyze_patterns.py, identify_spof.py, security_design_review.py, and threat_model.py all import the 'subprocess' module but never utilize it. While currently benign, importing sensitive modules without functional need is a violation of best practices.
  • Input Validation (INFO): The scripts check if the provided path exists but do not enforce boundaries, meaning an agent could be directed to read any file on the system that the user has permissions for, provided the file extension matches those scanned (e.g., .py, .tf, .yml).
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 15, 2026, 09:36 PM