lead-architect
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted web content and possesses file-writing capabilities.
  - Ingestion points: Rule 1 requires using the search_web tool for current architectural research.
  - Boundary markers: There are no delimiters or instructions provided to isolate or ignore embedded commands within the web-retrieved data.
  - Capability inventory: Rule 6 allows the agent to use write_to_file to generate technical artifacts like ADRs, RFCs, and SDDs.
  - Sanitization: No sanitization, validation, or escaping of external content is performed before it is incorporated into the generated file artifacts.
Recommendations
- AI detected serious security threats
Audit Metadata