engineering-backend-architect
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides scripts for the agent to execute as part of its backend architectural duties.
  - scripts/check_api_health.sh: A Bash script that uses curl to probe health endpoints.
  - scripts/analyze_schema.py: A Python script that uses regex to analyze SQL schema definitions.
- [DATA_EXFILTRATION]: The skill performs network operations that could be misused for data exfiltration or internal network probing.
  - scripts/check_api_health.sh takes a user-provided base URL and performs multiple curl requests. This functionality could be leveraged for Server-Side Request Forgery (SSRF) to probe internal network resources or exfiltrate environment data if the agent runs in a privileged network.
  - The script prints a preview of the response body, which could expose sensitive information if pointed at internal metadata services or private APIs.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to the lack of boundary markers and sanitization when processing external data.
  - Ingestion points: Data enters the agent's context through the body of HTTP responses in scripts/check_api_health.sh and the content of SQL files in scripts/analyze_schema.py.
  - Boundary markers: There are no explicit markers or instructions used to separate untrusted data (fetched from URLs or files) from the agent's system instructions.
  - Capability inventory: The agent can execute shell and Python scripts, perform network requests, and read files from the disk.
  - Sanitization: The skill does not implement any validation or sanitization for the content fetched from URLs or read from SQL files before it is processed by the agent.
Audit Metadata