software-architecture
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [External Downloads] (MEDIUM): The 'Library-First Approach' section mandates that the agent 'ALWAYS search for existing solutions before writing custom code' and 'Check npm for existing libraries.' This instruction encourages the agent to pull in external dependencies without providing any framework for security verification or integrity checking.
- [Remote Code Execution] (MEDIUM): By directing the agent to use libraries like 'cockatiel' and others found on NPM instead of local utilities, the skill facilitates the introduction and execution of third-party code. In an automated agent context, this increases the risk of the agent selecting a malicious package that executes during the build or runtime phase of the generated software.
- [Indirect Prompt Injection] (MEDIUM): The skill possesses a high-risk capability surface for indirect injection.
  - Ingestion points: Instructions to search NPM and third-party SaaS providers mean the agent will ingest metadata and package information from uncontrolled external environments.
  - Boundary markers: Absent. There are no delimiters or instructions to treat external package descriptions as untrusted.
  - Capability inventory: The skill is designed for code generation and architectural design, giving it direct influence over the user's filesystem and application logic.
  - Sanitization: None provided. The agent is not instructed to verify download counts, check for vulnerabilities (e.g., via npm audit), or validate package authors.
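The External Downloads and Remote Code Execution findings above, and the Sanitization gap, all come down to the same missing control: the skill tells the agent to adopt npm packages but gives it no gate to pass them through first. The following is an added example of such a gate, written for this analysis and not part of the audited skill or of any npm tooling. It takes a registry packument (the JSON shape returned by `https://registry.npmjs.org/<name>`) and a weekly download count, applies a policy, and only emits a pinned, integrity-bearing install spec when the package passes. The policy thresholds, the `vetPackage` function and the two packuments are assumptions and constructed sample data; the package names are fictional.

```javascript
// Added example: pre-install vetting gate for an agent following a
// "library-first" policy. Not from the audited skill. Thresholds and the
// sample packuments below are assumptions / constructed data.

const DAY_MS = 24 * 60 * 60 * 1000;

// Assumed policy; tune per project. Install scripts are refused outright
// because preinstall/postinstall hooks run arbitrary code at `npm install`.
const DEFAULT_POLICY = {
  minWeeklyDownloads: 10000,
  minPackageAgeDays: 90,   // how long the package has existed on the registry
  minVersionAgeDays: 7,    // let a fresh release age before adopting it
  minMaintainers: 1,
  allowInstallScripts: false,
  allowDeprecated: false,
};

const INSTALL_SCRIPTS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Returns { ok, problems, spec }. `spec` is only set when every check passes.
function vetPackage(packument, weeklyDownloads, opts = {}) {
  const policy = { ...DEFAULT_POLICY, ...(opts.policy || {}) };
  const now = opts.now || Date.now();
  const problems = [];

  const tag = (packument['dist-tags'] || {}).latest;
  const ver = tag && packument.versions && packument.versions[tag];
  if (!ver) {
    return { ok: false, problems: ['no dist-tags.latest entry in versions'], spec: null };
  }

  // Popularity and age: obscure or brand-new packages are the cheapest to plant.
  if (weeklyDownloads < policy.minWeeklyDownloads) {
    problems.push(`only ${weeklyDownloads} weekly downloads (< ${policy.minWeeklyDownloads})`);
  }
  const times = packument.time || {};
  const ageDays = (iso) => (now - Date.parse(iso)) / DAY_MS;
  if (!times.created) {
    problems.push('missing time.created');
  } else if (ageDays(times.created) < policy.minPackageAgeDays) {
    problems.push(`package first published ${Math.floor(ageDays(times.created))} days ago`);
  }
  if (!times[tag]) {
    problems.push(`missing publish time for ${tag}`);
  } else if (ageDays(times[tag]) < policy.minVersionAgeDays) {
    problems.push(`latest version ${tag} is ${Math.floor(ageDays(times[tag]))} days old`);
  }

  // Maintainers: the registry lists them; zero is a red flag, one is merely a note.
  const maintainers = packument.maintainers || [];
  if (maintainers.length < policy.minMaintainers) {
    problems.push(`${maintainers.length} maintainers listed`);
  }

  if (ver.deprecated && !policy.allowDeprecated) {
    problems.push(`deprecated: ${ver.deprecated}`);
  }

  // Lifecycle scripts execute on the agent's or developer's machine at install time.
  const scripts = ver.scripts || {};
  const hooks = INSTALL_SCRIPTS.filter((s) => typeof scripts[s] === 'string');
  if (hooks.length && !policy.allowInstallScripts) {
    problems.push(`declares install scripts: ${hooks.join(', ')}`);
  }

  // Integrity: require an SRI hash so the lockfile pins the exact tarball bytes.
  const integrity = ver.dist && ver.dist.integrity;
  if (!integrity || !integrity.startsWith('sha512-')) {
    problems.push('no sha512 dist.integrity');
  }

  const ok = problems.length === 0;
  return {
    ok,
    problems,
    // Use as: npm install --save-exact --ignore-scripts <name>@<version>
    spec: ok ? { name: packument.name, version: tag, integrity } : null,
  };
}

// Constructed sample registry responses for two fictional packages.
const NOW = Date.parse('2026-02-16T00:00:00Z');

const PACKUMENT_OK = {
  name: 'example-retry-policy',
  'dist-tags': { latest: '3.2.1' },
  time: { created: '2021-05-10T12:00:00Z', '3.2.1': '2025-11-03T09:30:00Z' },
  maintainers: [{ name: 'alice' }, { name: 'bob' }],
  versions: {
    '3.2.1': { scripts: { test: 'mocha' }, dist: { integrity: 'sha512-' + 'A'.repeat(86) + '==' } },
  },
};

const PACKUMENT_SUSPECT = {
  name: 'example-retry-polcy', // typosquat of the package above
  'dist-tags': { latest: '1.0.2' },
  time: { created: '2026-02-13T18:00:00Z', '1.0.2': '2026-02-15T02:00:00Z' },
  maintainers: [{ name: 'newuser-2026' }],
  versions: {
    '1.0.2': { scripts: { postinstall: 'node ./setup.js' }, dist: { integrity: 'sha512-' + 'B'.repeat(86) + '==' } },
  },
};

for (const [p, downloads] of [[PACKUMENT_OK, 250000], [PACKUMENT_SUSPECT, 40]]) {
  const r = vetPackage(p, downloads, { now: NOW });
  console.log(p.name, r.ok ? 'ALLOW' : 'REFUSE', r.problems);
}
```

Two design points worth noting. The gate refuses on any declared install hook rather than trying to judge the script, because the agent cannot safely evaluate what `node ./setup.js` will do; installing with `--ignore-scripts` and pinning with `--save-exact` keeps the decision deterministic. The version-age check is deliberately separate from the package-age check: an old, popular package whose latest release appeared yesterday is the pattern seen in maintainer-account takeovers, and a policy that only looks at the package's creation date would wave it through.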
Audit Metadata