architect
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands to create project structures, install dependencies, and run smoke tests based on AI-derived decisions.
- EXTERNAL_DOWNLOADS (MEDIUM): Downloads and installs arbitrary npm packages and specific MCP servers (@playwright/mcp, @modelcontextprotocol/server-github) during the scaffold process.
- REMOTE_CODE_EXECUTION (MEDIUM): Uses npx to execute remote code from npm packages. While Playwright is a Microsoft-backed project, the @modelcontextprotocol organization is not in the explicitly trusted list provided.
- PROMPT_INJECTION (LOW): Contains a surface for indirect prompt injection. 1. Ingestion points: docs/PRD.md, docs/research/VERDICT.md, docs/SCREENS.md, wireframes/. 2. Boundary markers: Absent. 3. Capability inventory: npm install, npx, shell execution, file system writes. 4. Sanitization: Absent.
Audit Metadata