architecture-design
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted project data.
- Ingestion points: In SKILL.md, the 'DiscoveryPhase' instructs the agent to 'Read the completed PRD' and 'Explore the codebase'. Additionally, template.md includes 'Implementation Context' sections for external documentation URLs and code files.
- Boundary markers: The skill lacks explicit instructions or separators that command the agent to ignore any natural language instructions found within the PRD or codebase context.
- Capability inventory: The agent can read/write files and trigger the 'launch' of additional specialist agents for specific research tasks.
- Sanitization: No validation or filtering is applied to the content discovered in the project files before it is used to populate the 'Solution Design Document' template.
Audit Metadata