3-identifying-architecture
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection (Category 8) by processing untrusted data from the local filesystem.
  - Ingestion points: The skill instructs the agent to read and analyze all files in a codebase, specifically referencing ./{output-folder}/1-techstack.md and ./{output-folder}/2-file-categorization.json.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the analyzed files are provided to separate data from instructions.
  - Capability inventory: The agent has the capability to read local files and write results to the filesystem.
  - Sanitization: There is no evidence of input validation or output sanitization to prevent malicious content in the codebase from influencing the agent's behavior.
- [EXTERNAL_DOWNLOADS]: The installation metadata includes a command to fetch the skill definition via curl from an external repository (github.com/majiayu000/claude-skill-registry).
Audit Metadata