architecture-md-builder
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands and scripts to perform its tasks.
- It calls `python3 ~/.claude/skills/exa-search/scripts/exa_search.py` and `exa_research.py` to conduct background research on documentation best practices.
- It uses `wc -l` to calculate line counts for source files as part of the architecture mapping process.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the repository being documented.
- Ingestion points: Phase 2 exploration agents read entry points, abstractions, data structures, and API handling code from the local codebase (SKILL.md).
- Boundary markers: The subagent prompts do not include explicit delimiters or instructions to ignore instructions embedded within the source code being analyzed.
- Capability inventory: The subagents are tasked with mapping core systems, data flows, and architectural invariants, providing a wide scope for influence (SKILL.md).
- Sanitization: There is no evidence of sanitization or filtering of source code content before it is processed by the exploration agents.
Audit Metadata