information-architecture
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates by generating documentation and planning artifacts. It does not perform direct network operations, execute arbitrary shell commands, or access sensitive system files like credentials or SSH keys.
- [SAFE]: The codebase discovery process (Step 2 in SKILL.md) is designed to align with existing project structures, ensuring that generated plans are context-aware and non-disruptive.
- [SAFE]: Instructions for package manager detection (references/discovery.md) ensure that any installation or execution commands generated in the final PLAN.md match the user's specific environment, avoiding the introduction of unauthorized or conflicting tooling.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted external data (project briefs and existing codebase files) to inform its output.
- Ingestion points: The skill reads external project briefs (BRIEF.md, SPEC.md, README) and performs automated codebase discovery to gather context.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore or isolate instructions potentially embedded within these source documents.
- Capability inventory: The skill utilizes file system exploration (via the 'Explore' subagent) and file creation (PLAN.md, INFORMATION_ARCHITECTURE.md) to perform its tasks as described in SKILL.md.
- Sanitization: The skill does not implement specific sanitization or validation logic for the content ingested from the external source files.
Audit Metadata