c4-architecture
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill includes a step to 'Analyze codebase' to identify system components. This represents an indirect prompt injection surface where malicious instructions hidden in the codebase (e.g., in code comments or metadata) could potentially influence the agent's output. However, the skill lacks high-privilege capabilities like network access or subprocess execution, limiting the risk.
- [File System Operations] (SAFE): The skill writes architectural documentation to the
docs/architecture/directory. This is consistent with its stated purpose and does not involve unauthorized file access or modification of sensitive system files. - [No Code Detected] (SAFE): The provided content consists solely of a README.md file. No executable scripts, binary files, or package dependencies were found that could perform malicious actions.
Audit Metadata