agent-architect
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The manifest allows `Bash(pip install *)` and `Bash(uv *)`, permitting the installation of arbitrary Python packages. This is a supply chain risk if the agent is manipulated into installing malicious dependencies.
- [COMMAND_EXECUTION] (MEDIUM): The skill's primary function is the generation of executable Python code and system prompts (Phase 5). Dynamic code generation based on user input carries inherent risks of generating insecure or malicious logic.
- [PROMPT_INJECTION] (LOW): The skill ingests untrusted user requirements during its 5-phase interview process. These descriptions are directly used to define agent identities and system prompts, creating a surface for indirect prompt injection that could influence the behavior of the generated agent system.
Audit Metadata