architecture-doc-generator

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user data from SRS/PRD files without isolation or sanitization.
  • Ingestion points: Step 1 in 'SKILL.md' involves reading and analyzing requirement documents provided via user-specified paths.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing logic.
  • Capability inventory: The agent has the ability to read files and perform web searches based on analyzed content.
  • Sanitization: There is no evidence of input validation or escaping for the content read from external documents.
  • [DATA_EXFILTRATION]: The skill uses the web_search tool to find technical best practices based on the information extracted from the processed documents. This creates a potential egress channel where sensitive details from architectural requirements could be inadvertently included in search queries to external services.
  • Evidence: 'SKILL.md' explicitly directs the agent to 'use web_search to search for related technical selections' based on the extraction of key information from business-sensitive documents.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 04:25 AM