architecture-planner
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: This skill presents an indirect prompt injection attack surface by combining untrusted data ingestion with exploitable file system capabilities.
- Ingestion points: The skill auto-activates and processes natural language feature descriptions (e.g., 'Plan component architecture for...') provided by the user or upstream agents.
- Boundary markers: There are no explicit delimiters or 'ignore' instructions within the skill to differentiate between legitimate user requirements and potential embedded commands.
- Capability inventory: According to the frontmatter in SKILL.md, the skill is granted 'Read', 'Write', and 'Edit' tool permissions, which could be misused if the agent's instructions are subverted.
- Sanitization: The skill lacks mechanisms to sanitize or validate the input descriptions before they are used to influence the agent's architecture planning and file-writing outputs.
Audit Metadata