pragmatic-guard
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses the bash 'cp' command to initialize configuration files from templates. Evidence: SKILL.md contains 'cp .architecture/templates/config.yml .architecture/config.yml'. These commands are hardcoded to specific local paths, preventing command injection.
- [DATA_EXPOSURE] (SAFE): File access is limited to the '.architecture' directory. No sensitive files (e.g., SSH keys, environment variables) or credentials are accessed or exposed.
- [Indirect Prompt Injection] (LOW): The skill reads from '.architecture/config.yml' to determine its behavior, which could be exploited if an attacker can modify the repository content. Evidence: 1. Ingestion point: .architecture/config.yml (SKILL.md Step 1). 2. Boundary markers: Absent. 3. Capability inventory: Read and Edit tools, plus bash (cp) execution. 4. Sanitization: Absent.
Audit Metadata