using-system-archaeologist
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses extremely strong instructional language (e.g., 'MANDATORY', 'NON-NEGOTIABLE', 'STOP') and 'Rationalization Blockers' to prevent the agent from taking shortcuts or deviating from its role as a coordinator. These are internal process controls and do not attempt to override the underlying AI safety filters or exfiltrate instructions.
- [COMMAND_EXECUTION]: Several files (e.g., incremental-analysis.md, analyzing-test-infrastructure.md) define shell command patterns using find, grep, mkdir, and git. These commands are used for local file system exploration, line counting, and git history analysis within the project workspace. No evidence of arbitrary or dangerous command execution was found.
- [DATA_EXFILTRATION]: While mapping-security-surface.md instructs the agent to identify security-relevant data such as trust boundaries and potentially hardcoded secrets, these findings are documented locally within a generated docs/ workspace. The skill does not contain any network-facing operations (like curl or fetch) to transmit data externally.
- [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because its core purpose is to ingest and analyze external, untrusted codebases. However, the skill treats the ingested code as data for documentation rather than as executable instructions, mitigating the risk. There are no patterns suggesting the agent would execute code found during analysis.
- [DATA_EXPOSURE]: The skill is designed to search for and document sensitive file paths (e.g., settings.py, .env) and patterns (e.g., SECRET_KEY, API_KEY). This behavior is explicitly for the purpose of architectural auditing and reporting to the user, with no indications of unauthorized exposure.
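The find/grep command patterns and the sensitive-path and secret-pattern search described in the findings above, as an added example that is neither the skill's own code nor part of the Gen Agent Trust Hub audit: a POSIX shell scan that stays on local disk and writes its results under a generated docs/ directory, with no network operations. The file names (settings.py, .env) and patterns (SECRET_KEY, API_KEY) are the ones the audit lists; the function names, the constructed sample workspace and the docs/security-surface.md report path are assumptions. Redacting the value after "=" so that the report records only locations is a practitioner precaution added here, not a behaviour the audit attributes to the skill.

```shell
#!/bin/sh
# Added illustration, not the skill's own code: a local-only find/grep scan of
# the kind the audit describes. File names (settings.py, .env) and patterns
# (SECRET_KEY, API_KEY) are the ones the audit lists; the function names, the
# docs/security-surface.md report path and the sample tree are assumptions.
set -eu

# Build a small constructed workspace so the scan can run offline.
make_sample_workspace() {
    ws=$1
    mkdir -p "$ws/app" "$ws/config" "$ws/.git"
    printf 'SECRET_KEY = "django-insecure-abc123"\nDEBUG = True\n' > "$ws/app/settings.py"
    printf 'API_KEY=sk_live_example\nPORT=8000\n' > "$ws/config/.env"
    # Mentions the name without assigning a value: must not be reported.
    printf 'def api_key_name():\n    return "API_KEY"\n' > "$ws/app/util.py"
    # Lives under .git: excluded from the scan.
    printf 'API_KEY=not_scanned\n' > "$ws/.git/junk"
}

# scan_secrets WORKSPACE REPORT
# Records sensitive file paths and file:line locations of secret-looking
# assignments under the workspace. Only the locations are written; the value
# after '=' is replaced so the generated docs never republish a credential.
# Nothing leaves the local disk.
scan_secrets() {
    ws=$1
    report=$2
    mkdir -p "$(dirname "$report")"
    {
        echo "## Sensitive file paths"
        find "$ws" -type f \( -name 'settings.py' -o -name '.env' \) \
            | sed "s|^$ws/||" | sort
        echo "## Secret-looking assignments (values redacted)"
        grep -rnE --exclude-dir=.git --exclude-dir=docs \
            '(SECRET_KEY|API_KEY)[[:space:]]*=' "$ws" \
            | sed "s|^$ws/||; s/=.*/= <redacted>/" | sort
    } > "$report"
}

# Number of redacted findings in a report (prints 0 when there are none).
count_findings() {
    grep -c '<redacted>' "$1" || true
}

# Demo run on the constructed tree; output stays under the workspace's docs/.
demo=$(mktemp -d)
make_sample_workspace "$demo/ws"
scan_secrets "$demo/ws" "$demo/ws/docs/security-surface.md"
cat "$demo/ws/docs/security-surface.md"
rm -rf "$demo"
```

The report for the constructed tree lists app/settings.py and config/.env under sensitive paths and two redacted assignments; app/util.py, which only mentions the name API_KEY without assigning it, and the file under .git are not reported. When reviewing a skill of this kind, the check worth making is exactly the one the redaction enforces: that whatever lands in docs/ does not itself become a second copy of the credentials it was meant to flag.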
Audit Metadata