c3
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a shell script wrapper (
bin/c3x.sh) to execute platform-specific binaries for all core architectural operations, including project initialization (init), component lookups (lookup), and integrity checks (check). This command execution is the primary mechanism for the tool's functionality. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) by design. It ingests data from untrusted project files and documentation located in the
.c3/directory and is explicitly instructed to treat the resulting 'refs' as 'hard constraints' that 'MUST be honored' with 'No exceptions.' This creates a vulnerability where a project containing malicious architectural documentation could influence the agent's behavior. - Ingestion points: Project source code and documentation files located in the
.c3/directory. - Boundary markers: Absent; instructions state that external documentation content supersedes assumptions and must be followed.
- Capability inventory: File system access (reading and writing documentation and project files) and subprocess execution via the
c3x.shwrapper. - Sanitization: Absent; the skill does not specify any validation or filtering of the content extracted from the architectural 'refs' before they are adopted as constraints.
Audit Metadata