skill-architect
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) as the skill's library audit workflow processes untrusted data with high-privilege write capabilities. Evidence Chain: 1. Ingestion points: Reads content and metadata from all files within '.claude/skills/' during library-wide audits. 2. Boundary markers: Absent; there are no instructions to help subagents distinguish between data to be audited and embedded malicious instructions. 3. Capability inventory: Coordinates subagents (@skill-generator, @skill-optimizer) that create directory structures, write SKILL.md files, and generate Python scripts. 4. Sanitization: Absent; no validation or escaping is performed on audited skill content before it is passed to subagents.
Recommendations
- AI detected serious security threats
Audit Metadata