senior-architect

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill references 'npm install' and 'pip install -r requirements.txt' but the underlying dependency lists are not provided for verification.
  • COMMAND_EXECUTION (MEDIUM): The skill relies on local Python scripts in a 'scripts/' folder that were not included in the audit, posing a risk of unverified file system access.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted project files. Evidence Chain:
      1. Ingestion points: 'scripts/project_architect.py' and 'scripts/dependency_analyzer.py' read files from user-specified paths.
      2. Boundary markers: None identified.
      3. Capability inventory: Execution of local Python scripts, shell commands, Docker, and Kubernetes.
      4. Sanitization: None mentioned.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:26 PM