architecture-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface because it processes untrusted data from external projects.
- Ingestion points: The analyzer reads and parses files such as package.json, tsconfig.json, and .nvmrc, and recursively lists filenames within the target project directory.
- Boundary markers: The generated reports (Markdown, JSON, Scorecard) incorporate data extracted from the project (e.g., package names, directory names, version strings) without explicit delimiters or sanitization to prevent adversarial content from influencing subsequent agent steps.
- Capability inventory: The skill possesses the ability to read files, list directories, and write files to arbitrary locations on the system if specified in the options.
- Sanitization: No sanitization is applied to the project-sourced data before it is presented in the final analysis output.
- [COMMAND_EXECUTION]: The script uses the child_process.spawn method to execute package manager binaries (npm, yarn, pnpm) to check their versions. While the command is limited to the --version flag and binary names are selected from a hardcoded list, this functionality relies on the presence and integrity of these tools in the environment's PATH.
- [SAFE]: The core implementation uses standard Node.js modules for file system operations and project analysis. No patterns of credential theft, data exfiltration, or malicious obfuscation were identified.
Audit Metadata