team-arch-opt
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Vulnerability to Indirect Prompt Injection. The skill is designed to analyze and refactor arbitrary codebases, creating a direct ingestion path for untrusted data that could contain malicious instructions.
- Ingestion Points: Roles such as 'analyzer', 'refactorer', and 'reviewer' read codebase source files and metadata (e.g., role-specs/analyzer.md).
- Boundary Markers: No explicit boundary markers or 'ignore' instructions are present in the 'SKILL.md' worker spawn templates to prevent the agent from obeying instructions embedded in the analyzed code.
- Capability Inventory: The agent has high-privilege access to 'Bash', 'Write', and 'Edit' tools, which could be leveraged if an injection occurs.
- Sanitization: There is no evidence of sanitization or content filtering before data is processed by the LLM workers.
- [COMMAND_EXECUTION]: Extensive use of shell execution tools to manage the codebase and validation pipeline.
- Evidence: The 'coordinator' and workers utilize the 'Bash' tool to manage session directories and execute project-specific build tools like 'npm', 'cargo', and 'go' as defined in 'role-specs/validator.md'.
Audit Metadata