architecture-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local shell script (scripts/scan_codebase.sh) to perform discovery on the user's project. This script accepts a directory path as an argument. While this is a functional requirement for the skill's stated purpose, it introduces a potential command injection surface if the provided path is not sanitized by the execution environment before being passed to the shell script.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because its core functionality involves reading and reasoning about external, untrusted data found in codebases and design documents.
- Ingestion points: Untrusted data enters the agent context through the scan_codebase.sh script (which reads file structures and metadata) and by reading design documents provided by the user in Phase 1.
- Boundary markers: The skill instructions do not utilize specific delimiters or provide 'ignore embedded instructions' warnings when the agent is directed to load and process these external references.
- Capability inventory: The skill possesses the ability to execute local shell scripts and access the file system.
- Sanitization: There is no evidence of content sanitization or validation of the files being reviewed.
Audit Metadata