improve-codebase-architecture
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external codebase content to drive sub-agent tasks and GitHub issue creation.
- Ingestion points: Codebase contents are accessed via the Explore tool in SKILL.md.
- Boundary markers: The skill does not define delimiters or provide instructions to ignore embedded prompts when preparing technical briefs for sub-agents.
- Capability inventory: The skill spawns multiple parallel sub-agents and performs automated writes to external repositories using gh issue create.
- Sanitization: No sanitization or validation of codebase content is performed before it is interpolated into prompts or issue templates.
- Autonomy: Step 7 instructs the agent to create GitHub issues without prior user review, which reduces oversight for potentially malicious content derived from the codebase.
Audit Metadata