stack-architecture
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user input (project requirements) to generate architectural designs, creating a potential surface for indirect instructions.
  - Ingestion points: SKILL.md Step 1 (Gathering information about transport surfaces, domain operations, and dependencies).
  - Boundary markers: Absent; the templates do not utilize specific delimiters to isolate user-provided data from architectural logic.
  - Capability inventory: The skill is restricted to 'Read', 'Grep', and 'Glob' tools; it lacks capabilities for writing files, making network requests, or executing code.
  - Sanitization: No sanitization or validation steps are defined for the input requirements.
- [Unverifiable Dependencies] (SAFE): The skill references various '@outfitter/*' packages. While these are not from established trusted organizations, they are mentioned as design recommendations rather than being automatically installed or executed via skill scripts.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network communication patterns were detected.
- [Obfuscation] (SAFE): No evidence of Base64 encoding, zero-width characters, or other obfuscation techniques designed to hide malicious intent.
Audit Metadata