review-software-architecture
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes npx madge to perform circular dependency analysis, fetching the madge package from the public npm registry.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute analysis commands, including grep for pattern matching and npx for structural validation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of untrusted codebase files. Ingestion points: Read, Grep, and Glob tools are used to access files and documentation in steps 2 through 5. Boundary markers: No explicit markers or safety instructions are provided to the agent to ignore instructions within analyzed files. Capability inventory: The agent has access to the Bash tool (shell execution) and WebFetch. Sanitization: No sanitization is performed on ingested content.
Audit Metadata