senior-architect
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to run 'npm install' and 'pip install -r requirements.txt' without providing the corresponding package.json or requirements.txt files, allowing for the potential installation of untrusted dependencies.
- COMMAND_EXECUTION (LOW): The skill executes Python scripts ('scripts/architecture_diagram_generator.py', etc.) that take project paths as arguments, which could lead to unsafe file operations if the scripts are not properly secured.
- CREDENTIALS_UNSAFE (LOW): The setup process includes managing '.env' files, which are high-value targets for credential exposure.
- INDIRECT_PROMPT_INJECTION (LOW):
  1. Ingestion points: , , and the local directory (.).
  2. Boundary markers: None are specified to delimit untrusted project data from agent instructions.
  3. Capability inventory: Subprocess execution of Python scripts and shell commands (npm, docker, kubectl).
  4. Sanitization: No sanitization or validation of project input is mentioned in the documentation.
Audit Metadata