graphicode-dev-architect
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `cat` and `echo` to manage project files. These commands use variables such as `<flowDir>` and `<flowId>` which are parsed from the `graphig.md` configuration file. If a project contains a maliciously crafted configuration file, it could lead to command injection when the agent attempts to execute these shell tasks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the project it is managing.
  - Ingestion points: The agent reads multiple project files, including `graphig.md`, `flow.graphig.md`, and various `README` files for flows, states, and algorithms.
  - Boundary markers: The instructions lack markers or specific prompts to treat the content of these files as untrusted data or to ignore instructions embedded within them.
  - Capability inventory: The agent has the capability to read and write to the local file system using the provided shell commands.
  - Sanitization: There is no requirement for the agent to validate or sanitize the paths or content read from the project files before they are used in subsequent operations or shell command construction.
Audit Metadata