software-architect
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the environment, specifically executing GitHub CLI commands (gh pr view, gh pr diff) during the review process. The use of a shell-access tool represents a significant capability that could be misused if the agent is compromised by external data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: Untrusted data enters the context through GitHub PR diffs, issues, and associated comments. Boundary markers: The skill lacks explicit delimiters or instructions for the agent to ignore potentially malicious embedded commands within the external content. Capability inventory: The skill has access to the Bash, Write, Read, Grep, and Glob tools across multiple files. Sanitization: There is no evidence of content sanitization or validation performed on the external data before it is integrated into the architectural analysis or review workflow.
Audit Metadata