architecture-doc-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process external content (codebases, architectural descriptions, and existing documentation) to generate output. This creates a significant attack surface where malicious instructions hidden in the data being processed could be executed by the agent.
  - Ingestion Points: User requests and project files within the workspace.
  - Boundary Markers: None specified in the SKILL.md.
  - Capability Inventory: Includes Bash, Write, Edit, and Grep, which allow for significant system modification.
  - Sanitization: No sanitization or validation mechanisms are described for handled content.
- [Command Execution] (HIGH): The inclusion of the Bash tool in allowed-tools provides the capability to execute arbitrary shell commands. When combined with the documentation-generation purpose, there is a risk that a prompt injection could trigger dangerous shell commands.
- [Data Exposure] (MEDIUM): With Read, Write, and Edit permissions, the skill has broad access to the user's workspace. If compromised via injection, sensitive project files or environment variables could be accessed or modified.
Recommendations
- AI detected serious security threats