architecture-review
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the workspace files it reviews. Malicious instructions embedded in the project's source code or documentation could influence the agent's architectural assessment or recommendations.
- Ingestion points: Local project files and directory structures mapped using the Glob tool and read via the Read and Grep tools during the architecture review process (SKILL.md).
- Boundary markers: The instructions do not define clear delimiters or warnings to treat ingested file content as untrusted data.
- Capability inventory: The skill has access to Read, Write, Edit, Glob, and Grep tools, allowing it to modify files based on its analysis.
- Sanitization: No sanitization, escaping, or validation of the ingested code content is performed before processing.
Audit Metadata