architect
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and processing untrusted external data.
- Ingestion points: The skill instructions require the agent to read project plan files from `./plans/*.md` and perform an exploration of the codebase as part of its initialization and interview protocol.
- Boundary markers: The instructions lack requirements for delimiters or specific instructions to ignore potential malicious prompts embedded within the files being analyzed.
- Capability inventory: The agent has the capability to read from and write to the local file system (updating planning documents) and to interact with the user via `AskUserQuestion`.
- Sanitization: There is no mention of sanitizing or validating the input from files before the agent processes it or incorporates it into generated technical designs.
- [NO_CODE]: The skill consists entirely of markdown instructions, configuration files, and documentation templates. It does not include any executable scripts (e.g., Python or JavaScript), which significantly reduces the risk of direct remote code execution or malware persistence.
Audit Metadata