The Agent Skills Directory

[PROMPT_INJECTION]: The skill uses instructional language to guide the agent through an architectural audit workflow. It does not contain any patterns typical of direct prompt injection, such as attempts to override system safety guidelines, extract system prompts, or bypass constraints. Instructions focus on maintaining specific architectural vocabulary.
[DATA_EXFILTRATION]: While the skill is designed to explore and read from a codebase (entry points, modules, documentation files like ADRs and glossaries), there are no commands or logic that perform network operations to exfiltrate this data. The tool relies on the harness's existing exploration tools and does not introduce external curl, wget, or similar network-capable utilities.
[REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts. It mentions 'parallel sub-agent fanout' and 'exploration mechanisms', which are platform-native features of the AI harness used for task parallelization, not the execution of untrusted remote code.
[INDIRECT_PROMPT_INJECTION]: As the skill is designed to ingest and analyze arbitrary codebase files (Category 8), it naturally possesses an indirect injection surface. An attacker could embed malicious instructions within code comments or documentation. However, the skill's capabilities are limited to analytical reporting and updating project documentation (ADRs/Glossaries), with no capability for executing the analyzed code or performing sensitive operations, making the risk profile negligible.

architecture-audit