design-archivist
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process large amounts of untrusted data from external websites.
  - Ingestion points: Uses WebFetch to crawl up to 1000 real-world examples from any domain, including portfolios, SaaS, and e-commerce sites (defined in SKILL.md and references/domain_guides.md).
  - Boundary markers: There are no explicit instructions or delimiters mentioned to ensure the agent ignores malicious instructions that might be embedded in the HTML or metadata of the target websites.
  - Capability inventory: The agent utilizes the Write tool to save visual databases and checkpoints to the local filesystem (SKILL.md).
  - Sanitization: No sanitization or content filtering is implemented for the data fetched from external sources before it is analyzed or written to disk.
- [COMMAND_EXECUTION]: The skill provides a shell script scripts/validate_archive.sh for validating the structure of generated JSON archives.
  - The script uses the jq utility to perform schema checks on files provided as arguments.
  - While intended as a utility, the presence of executable shell scripts should be noted as part of the skill's operational footprint.