agent-native-architecture

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Threat categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The file 'references/self-modification.md' provides instructions for creating agents that can rewrite their own source code and trigger redeployments ('self_deploy'), which amounts to a structural RCE vulnerability.
  • [COMMAND_EXECUTION] (HIGH): 'references/self-modification.md' includes examples of tools designed to execute shell commands like 'npm run build', 'git push', and 'restart' without sufficient restriction.
  • [DATA_EXFILTRATION] (HIGH): The document 'references/refactoring-to-prompt-native.md' explicitly advocates for removing 'artificial' restrictions on file-read tools ('Agent can read anything'), which enables access to sensitive credentials, environment variables, and private keys.
  • [PROMPT_INJECTION] (LOW): 'references/dynamic-context-injection.md' demonstrates injecting untrusted data like 'recentActivity' (including excerpts) into the system prompt without boundary markers or sanitization. Evidence:
    1. Ingestion: 'recentActivity' excerpts and book titles.
    2. Boundary markers: Absent.
    3. Capability inventory: 'publish_to_feed', 'web_search', 'write_file'.
    4. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:10 PM