architecture-review
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's memory protocol mandates the use of the
catcommand to read local files (e.g.,.claude/context/memory/learnings.md) for maintaining state across sessions. While limited to the local filesystem, this involves direct execution of shell commands. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from untrusted project files and has the capability to modify the filesystem.
- Ingestion points: Uses
Glob,Read, andGreptools to ingest content from project source code and configuration files. - Boundary markers: There are no explicit delimiters or instructions defined to prevent the agent from following malicious instructions embedded within the files being reviewed.
- Capability inventory: The agent possesses
WriteandEdittools, enabling it to alter project code based on its analysis of potentially malicious input. - Sanitization: No input validation or sanitization routines are specified for the content processed by the skill.
Audit Metadata