architecture-scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows secure development practices and focuses on structural code integrity over logic execution. No malicious patterns such as obfuscation, data exfiltration, or persistence were detected.\n- [COMMAND_EXECUTION]: The skill instructs the agent to use standard development tools to manage the codebase and verify the architecture.\n
- Evidence: Uses
gitfor branch management (git checkout -b architecture-scaffold) to isolate architectural changes.\n - Evidence: Uses
grepto mechanically verify dependency rules by inspecting import statements in source files.\n - Evidence: Invokes language-specific build tools (
cargo check,swift build,tsc --noEmit) to validate the structural soundness of the generated type skeletons.\n- [PROMPT_INJECTION]: The skill processes user-provided architectural designs, which is an indirect prompt injection surface. However, it incorporates robust mitigations.\n - Ingestion points: High-level architecture specs or design documents provided by the user in Phase 1.\n
- Boundary markers: Employs a structured 'Module Map' as an intermediate representation to separate prose intent from code structure.\n
- Capability inventory: Local file system operations, git branching, and compiler execution.\n
- Sanitization: Requires explicit user sign-off on the Module Map (Phase 1) and the Migration Manifest (Phase 3) before any implementation or porting occurs, ensuring the human remains the authority.
Audit Metadata