design-analyze-tech
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill explicitly prompts for access to sensitive configuration files including .env, application.yml, and settings.py. Accessing these file paths constitutes a high-severity data exposure risk, as they are standard locations for hardcoded credentials and environment secrets. This risk is categorized as Medium here because the access is directly related to the skill's primary purpose of technical architecture analysis.
- [COMMAND_EXECUTION]: The skill instructions specify writing the resulting analysis report to a local directory: /projectdocs/design/. This indicates the agent will perform file system write operations on the host environment.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from the project being analyzed.
  - Ingestion points: The skill reads project paths, dependency files (pom.xml, package.json), configuration files, and core business code snippets (SKILL.md).
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the analyzed data are present.
  - Capability inventory: The skill has the capability to write files to the local disk (/projectdocs/design/).
  - Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed or written to the final report.
Audit Metadata