cva-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a documentation-centric tool for architectural analysis. All referenced scripts are local and perform benign tasks such as text parsing and validation of architectural matrices.
  • [COMMAND_EXECUTION]: The skill executes a local Python script validate-cva-matrix.py to validate Markdown-based matrix files. The script implements defensive programming by explicitly verifying that the input file path remains within the current working directory using os.path.abspath, which is a best practice to prevent path traversal vulnerabilities.
  • [PROMPT_INJECTION]: The skill processes user-provided requirements and use cases to construct a Commonality Variability Analysis (CVA) matrix. Although this involves processing untrusted external input without explicit boundary markers, the risk of indirect prompt injection is minimal because the skill's output is limited to architectural documentation and design recommendations.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 03:45 PM