faion-software-architect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is designed to automatically investigate local project files (e.g., ADRs, Docker Compose, and Kubernetes manifests) to determine the architecture of a project. This pattern creates a surface for indirect prompt injection.
- Ingestion points: As defined in SKILL.md, the agent uses Glob and Grep to read content from various configuration files (docker-compose*.yml, k8s/**/*.yaml, etc.) and documents (adr/*.md).
- Boundary markers: The skill does not provide the agent with specific delimiters or instructions to treat data from these project files as untrusted or to ignore embedded directives.
- Capability inventory: The agent possesses Write, Edit, and WebFetch tools, which could be leveraged if an injection in a project file successfully influences the agent's behavior.
- Sanitization: There is no evidence of sanitization, validation, or escaping of the content read from the local filesystem during the discovery phase.
Audit Metadata