architect-design
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes untrusted data from external sources.
  - Ingestion points: Data enters the agent's context through Jira tickets and linked specification files accessed via MCP tools in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external Jira/Spec data as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill has the ability to write design documents to the file system (enggenie/ directory) and utilize browser preview tools.
  - Sanitization: The skill does not define any validation or sanitization steps for the content fetched from external APIs before processing.
- [CREDENTIALS_UNSAFE]: The subagent prompt in agents/explorer-agent.md directs the agent to locate and analyze configuration files and environment variable management. This reconnaissance process may inadvertently lead the agent to read or expose sensitive secrets, API keys, or credential files if they are present in the searched paths.
- [EXTERNAL_DOWNLOADS]: The skill uses MCP tools to fetch data from external Jira project management instances and linked documentation sites. While these are well-known services, the content retrieved is dynamic and outside the skill's direct control.
Audit Metadata