architecture-design
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a legitimate workflow for architectural research and documentation. It uses tools like WebSearch and WebFetch for information gathering and Write/Edit for report generation, which are consistent with its stated purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests project-specific artifacts from local directories such as plans/ and team-artifacts/. While this constitutes an attack surface for indirect prompt injection (where instructions embedded in these files could influence the agent's behavior), the risk is mitigated by the skill's focus on generating comparative reports and requiring user validation (AskUserQuestion) for all recommendations before proceeding. There are no capabilities for arbitrary code execution or system-level changes that could be exploited via this surface.
- [REMOTE_CODE_EXECUTION]: The skill performs research on external libraries and tools but does not contain instructions to install or execute them. It focuses on 'Dependency Risk Assessment' as a security feature to evaluate third-party package health.
Audit Metadata