config-architect
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability through configuration file processing.
  - Ingestion points: The script scripts/audit.py reads all .md, .py, .json, and .txt files within the user's workspace directory.
  - Boundary markers: There are no boundary markers or instructions to the agent to ignore embedded commands when processing the audit reports or performing file migrations.
  - Capability inventory: The skill is granted read, write, and python tools, which allow file system modification and code execution based on the (potentially poisoned) audit results.
  - Sanitization: The skill lacks sanitization of external content; technical strings and rules extracted from the audited files are reflected directly into the output report.
- [COMMAND_EXECUTION]: Local script execution for auditing tasks.
  - The skill documentation instructs the agent to execute a local Python script (scripts/audit.py) to perform workspace analysis. While the script's current implementation is restricted to standard library calls for file system auditing, the pattern of executing bundled scripts on user-controlled data is a prerequisite for more complex attack chains.
Audit Metadata