software-developer
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and implement 'Technical Specifications' from an external source (Systems Architect). While this creates a surface for indirect prompt injection, the risk is mitigated by mandatory code review, biologist validation, and a requirement for >80% test coverage.
  - Ingestion points: Technical specifications provided via orchestrator/handoff.
  - Boundary markers: None explicitly defined in the prompt template for the spec input.
  - Capability inventory: Uses Bash, Write, and Edit tools to create and execute code.
  - Sanitization: Relies on downstream human/agent review and automated testing rather than input sanitization.
- [Data Exposure & Exfiltration] (LOW): The skill contains logic to read configuration files from a specific local path (~/.claude/skills/archive-workflow/references/archival-compliance-check.md). While accessing the home directory is a sensitive operation, this specific path appears restricted to the agent's internal configuration and is not used for data exfiltration.