architecture-design-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill is designed for text-to-text generation based on project documentation.
- Indirect Prompt Injection (SAFE): The skill possesses a surface for indirect prompt injection as it reads user-controlled markdown files. However, the risk is negligible as its only capability is writing a markdown document. Evidence:
  1. Ingestion points: docs/prd.md, docs/functional-design.md, docs/architecture.md
  2. Boundary markers: Absent
  3. Capability inventory: File-write (markdown)
  4. Sanitization: N/A for this use case
- CREDENTIALS_UNSAFE (SAFE): While the guide mentions an API key example, it uses a placeholder ('xxxxx') and provides the instruction as a security best practice for the developer to follow in their own code, rather than hardcoding a real secret.