architecture-design
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface where untrusted input from the environment can influence agent behavior and file system modifications.
- Ingestion points: As described in
SKILL.md, the agent reads PRD documents, explores the existing codebase, and 'discovers' project commands from actual files to understand technical constraints. - Boundary markers: No specific delimiters or 'ignore embedded instructions' markers are defined to isolate external data from the agent's core logic.
- Capability inventory: The skill is granted
WriteandEdittools. Furthermore, it 'launches parallel specialist agents' to analyze architecture, security, and performance. If these specialists process untrusted data without sanitization, they could be compromised to produce malicious design specs or modify files inappropriately. - Sanitization: The skill lacks any mechanism for validating, escaping, or filtering content retrieved from PRDs or the codebase before integrating it into the Solution Design Document (SDD).
Recommendations
- AI detected serious security threats
Audit Metadata