domain-architect
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs the `Bash` tool to execute `grep` and `find` commands for identifying entry points and dependency clients within a Swift project. While the instructions specify benign search patterns, the presence of a general-purpose shell tool increases the potential attack surface if the agent is manipulated.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests and processes untrusted data from local source code files.
  - Ingestion points: Reads contents of Swift files, `@main` definitions, `@DependencyClient` definitions, and `Package.swift` files.
  - Boundary markers: The instructions do not define explicit boundary markers or delimiters to separate code content from instructions, which may lead the agent to follow instructions embedded in code comments or string literals.
  - Capability inventory: The skill has access to `Bash`, `Write`, `Edit`, and `Read` tools, which could be leveraged if an injection is successful.
  - Sanitization: There is no evidence of sanitization or filtering of the content read from the codebase before it is used to drive architectural mapping decisions.
Audit Metadata