six-layer-architect
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows secure development practices, providing templates for standard web development tasks such as file uploading, authentication, and state management without introducing malicious code. No obfuscation, persistence, or privilege escalation patterns were found.
- [PROMPT_INJECTION]: The instructions focus on architectural code generation. While the skill processes user requirements that could contain indirect injections, it mitigates this risk by including a security checklist and instructing the agent to perform safety reviews. Ingestion points: user-provided functional requirements. Boundary markers: none explicitly defined in SKILL.md. Capability inventory: generation of API routes, service logic, and database models. Sanitization: use of security checklist and human review reminders.
- [DATA_EXFILTRATION]: No sensitive file access or hardcoded credentials detected. Network activity is limited to standard API interactions described in the generated code templates.
- [REMOTE_CODE_EXECUTION]: The Python script scripts/generate_code.py is a local utility for template instantiation and does not execute remote code.
Audit Metadata