architect
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data by reading the codebase to understand architecture (File: SKILL.md, Step 1). Mandatory Evidence: 1. Ingestion point: Read codebase step. 2. Boundary markers: Absent. 3. Capability inventory: File-write to 'docs/tasks/'. 4. Sanitization: Absent. This creates a surface for indirect prompt injection where malicious instructions hidden in code comments could influence the generated PRD content.
- [NO_CODE]: The skill consists solely of Markdown definition and template files. No executable code or scripts are provided within the skill package.
Audit Metadata