improve-codebase-architecture
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from the user's codebase to generate architectural recommendations.
  - Ingestion points: Codebase files explored via the Agent tool in the exploration step.
  - Boundary markers: Absent; there are no instructions to differentiate codebase content from agent instructions or to ignore embedded instructions in the source code.
  - Capability inventory: Utilizes sub-agents for design tasks and the gh CLI for creating repository issues.
  - Sanitization: None detected; content from the codebase is directly reflected in the final generated issue RFC.
- [COMMAND_EXECUTION]: The skill uses the gh issue create command to perform external write operations. It explicitly instructs the agent to skip user review before creation, which increases the risk of malicious or misleading content being posted if the agent has been influenced by poisoned data within the codebase.
Audit Metadata