backend-architect

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): High risk of Indirect Prompt Injection due to the combination of high-trust tools and lack of data boundaries.
    1. Ingestion points: The agent uses Read, Grep, and Glob tools to ingest content from the project codebase.
    2. Boundary markers: Absent; there are no instructions to differentiate between system instructions and data found in files.
    3. Capability inventory: Significant write and execute capabilities via Write, Edit, and Bash(npm:*).
    4. Sanitization: Absent; no validation is performed on ingested content before processing.
  • COMMAND_EXECUTION (MEDIUM): The skill allows broad command execution through Bash(npm:*). While intended for package management, this tool can be weaponized to install malicious dependencies or run arbitrary scripts if the agent is manipulated by adversarial content within the technical documents or code it manages.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:53 AM