fifteen-factor-app
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- General Security (SAFE): The skill is entirely composed of Markdown documentation and YAML metadata. It provides architectural principles for cloud-native applications.
- Indirect Prompt Injection (LOW): While the skill is intended to be invoked when processing user-provided architecture plans or PRDs (untrusted data), its capabilities are limited to providing architectural advice and reading its own reference files. There are no high-risk capabilities like file writing, network requests, or arbitrary command execution that could be exploited via indirect injection.
- Command Execution (INFO): The documentation mentions using grep to search through its own reference files. This is a standard method for an agent to retrieve information from its knowledge base and does not constitute a security risk in this context.