architecture-review
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands including `git`, `find`, `grep`, `pytest`, `pydeps`, and `madge` to perform architectural assessments and dependency mapping. These tools are standard for development environments but require execution privileges on the host environment.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) as it processes data from untrusted local files such as Architecture Decision Records (ADRs) and source code files. Maliciously crafted content within these files could potentially influence the agent's findings or instructions.
  - Ingestion points: File search and content extraction performed in `modules/adr-audit.md`, `modules/coupling-analysis.md`, and `modules/principle-checks.md`.
  - Boundary markers: No specific delimiters or safety instructions are defined to separate tool output from system prompts.
  - Capability inventory: The skill can read from the filesystem and execute multiple analysis tools (`grep`, `find`, `pytest`, `madge`, `pydeps`).
  - Sanitization: No evidence of sanitization or content validation for the data ingested from the repository.
Audit Metadata