validate-architecture
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The workflow in SKILL.md executes a shell command using a Python script that incorporates the user-provided 'architecture_file' input directly into the command string. This pattern is vulnerable to command injection if the input path is not properly sanitized by the execution environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external architecture documents. (1) Ingestion points: the skill reads the 'architecture_file' in the first workflow step. (2) Boundary markers: no delimiters or instructions are present to prevent the LLM from obeying instructions embedded in the file. (3) Capability inventory: the skill can execute shell commands via local Python scripts. (4) Sanitization: the skill does not validate or filter the content of the architecture document before processing it.
Audit Metadata