Config Architect
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains no attempts to override agent instructions, bypass safety filters, or extract system prompts. It uses standard instructional language to define a persona.
- [Data Exposure & Exfiltration] (SAFE): No file system access, credential patterns, or network communication commands (curl, wget, fetch) were detected.
- [Obfuscation] (SAFE): The content is clear-text markdown with no encoded strings, zero-width characters, or homoglyphs.
- [Unverifiable Dependencies & RCE] (SAFE): There are no package manifests (package.json, requirements.txt) or commands that download and execute remote scripts.
- [Indirect Prompt Injection] (LOW): The skill is designed to process user-provided system requirements (untrusted data). However, since the skill lacks any 'write' or 'execute' capabilities (no command execution or file modification), the risk is limited to influencing the agent's immediate reasoning output.
- [Dynamic Execution] (SAFE): No patterns of runtime code generation, compilation, or unsafe deserialization were identified.