sync-architecture
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its reliance on untrusted session and codebase data.
- Ingestion points: The skill reads 'Current session history' and 'codebase changes' including manifests like package.json and requirements.txt which can be influenced by malicious code or inputs.
- Boundary markers: The skill fails to define specific delimiters or instructions to ignore potential commands embedded within the analyzed data.
- Capability inventory: The skill can read and write to markdown files within the 'specs/architecture/' directory.
- Sanitization: The skill lacks sanitization mechanisms to filter or escape content extracted from the session before it is integrated into documentation proposals.
Audit Metadata