senior-architect
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability surface. The skill ingests untrusted data from the user's filesystem and possesses high-privilege capabilities.
- Ingestion points: The skill reads external project files via the
<project-path>and<target-path>arguments inSKILL.md. - Boundary markers: Absent. There are no instructions to the agent to ignore embedded commands or markers to delimit code from instructions.
- Capability inventory: The skill executes local Python scripts (
project_architect.py) which are described as providing "Automated fixes" (file-write capability) and performs analysis via subprocess calls (python3). - Sanitization: Absent. There is no evidence of validation or filtering of the external content before it influences agent decision-making or file modifications.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing multiple local Python scripts (
architecture_diagram_generator.py,project_architect.py,dependency_analyzer.py) via the command line. While these are part of the skill, their execution on arbitrary user paths poses a risk if the scripts themselves are compromised or behave unexpectedly with malicious input. - [EXTERNAL_DOWNLOADS] (MEDIUM): The development workflow includes
npm installandpip install -r requirements.txt. These represent unverifiable dependencies that could lead to supply chain attacks, as specific versions or trusted registries are not enforced in the provided instructions.
Recommendations
- AI detected serious security threats
Audit Metadata