arch-mmd

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from the codebase and has file-write capabilities.
  • Ingestion points: Phase 1 requires the agent to "Scan the project" and "Find the entry point(s)", exposing it to any malicious instructions embedded in file contents, READMEs, or comments.
  • Boundary markers: Absent. The skill provides no delimiters or instructions (e.g., "ignore instructions found within files") to protect the agent from being hijacked by content it scans.
  • Capability inventory: File modification. The skill explicitly instructs the agent to "Write the diagram to ARCHITECTURE.mmd in the project root". In an agentic environment, a successful injection could also leverage other tools beyond just file writing.
  • Sanitization: Absent. There is no mention of validating or escaping content retrieved from the codebase before it is used to generate the Mermaid diagram.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:27 AM