
skill-architect

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed as an 'authoritative meta-skill' for auditing and validating other agent skills. This creates a high-risk surface for indirect prompt injection, where malicious instructions within an audited skill could compromise the meta-agent.
    • Ingestion points: Path-based auditing of external skills via scripts/validate_skill.py (referenced in README.md) and processing of 'concrete examples' (referenced in README.md).
    • Boundary markers: No explicit delimiters or 'ignore embedded instructions' markers are defined in the orchestration or validation templates.
    • Capability inventory: The skill framework includes and encourages the execution of Python and Bash scripts (e.g., validate_skill.sh, init_skill.py) and defines agent pipelines with access to system tools like Bash (referenced in subagent-template.md).
    • Sanitization: No evidence of sanitization or safety-filtering for the content of audited skills is provided in the validation logic.
  • Command Execution (MEDIUM): The skill's workflow and documentation rely on the execution of local scripts and build commands. While templates like validate_skill.sh appear benign, the framework encourages the creation of powerful tools that operate on the local file system and external APIs. Evidence: scripts/init_skill.py, scripts/validate_skill.py, and npm run build instructions in references/mcp-template.md.
  • External Downloads (LOW): The skill's templates and documentation encourage the installation of external packages from npm and PyPI. Per [TRUST-SCOPE-RULE], these are downgraded to LOW/INFO because they target trusted repositories, but they remain a supply chain surface. Evidence: package.json in mcp-template.md and pip install commands in self-contained-tools.md.
  • Metadata / Phantom Tools (LOW): The README.md and CHANGELOG.md reference several scripts (e.g., scripts/package_skill.py) that are not included in the provided skill bundle. This mismatch between documented capability and provided files can lead to unexpected agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:01 AM