graphicode-architect
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's task of translating user requirements into technical designs involves processing untrusted user input and project documentation, creating a surface for indirect prompt injection. 1. Ingestion points: User requirement prompts and project files read via 'cat' commands in SKILL.md. 2. Boundary markers: No delimiters or instructions are used to separate ingested data from the agent's core instructions. 3. Capability inventory: The skill can read and write files using 'cat' and 'echo' as defined in SKILL.md. 4. Sanitization: No validation or filtering is applied to the ingested content before processing.
- [COMMAND_EXECUTION]: The skill performs local file system operations using the 'cat' and 'echo' shell commands. These commands use dynamically constructed paths based on project configuration and user input to manage project flows, algorithms, states, and types.
Audit Metadata