resonance-architect
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill includes the `run_command` tool in its definition. Although the provided operational sequences focus on architecture documentation (ADRs and C4 models), the availability of this tool allows the agent to execute arbitrary shell commands on the underlying system.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and interpret external business logic, domain models, and feature requirements provided by users or read from files.
  - Ingestion points: Reads project requirements and existing codebases via `read_file` and user input.
  - Boundary markers: None identified. There are no instructions for the agent to ignore or delimit embedded commands within the data it processes.
  - Capability inventory: Access to `run_command`, `write_file`, and `edit_file` allows for full system compromise if an attacker embeds instructions in a 'System Design' request.
  - Sanitization: No evidence of input sanitization or validation of external content before processing.
- [DATA_EXFILTRATION] (MEDIUM): The combination of `read_file` (to access sensitive architecture/config files) and the capability to use `run_command` (which could trigger `curl` or `wget`) creates a significant risk of data exfiltration from the host environment or of the project's intellectual property.
Recommendations
- AI detected serious security threats
Audit Metadata