ask-system-architect-prime

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted repository content, creating a significant attack surface for indirect injection.
      • Ingestion points: The workflow scans the entire repository structure and reads the content of configuration files (e.g., .env.example) and the top 10 largest source files.
      • Boundary markers: No boundary markers or instructions are provided to separate the agent's auditing instructions from the content of the files being analyzed.
      • Capability inventory: The skill generates a persistent report (ARCHITECTURAL_AUDIT.md) and provides a 'Burn List' of prioritized refactoring tasks, which can influence downstream automated tools or human decisions.
      • Sanitization: There is no mechanism to sanitize or filter untrusted code content before processing it via the agent's reasoning engine.
  • Data Exposure (HIGH): The skill is explicitly instructed to locate configuration sources and scan source code for hardcoded secrets. This behavior involves accessing sensitive data patterns, which constitutes an exposure risk if the agent's logic is subverted via prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:04 AM