architecture-guardian
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted project files provided by the user.
  - Ingestion points: The agent reads source code, tests, and configuration files from the project directory (e.g., app/, lib/, tests/) using the Read and Grep tools.
  - Boundary markers: The prompts lack explicit instructions or delimiters to ignore or sanitize potentially malicious instructions embedded in code comments or data within the project files.
  - Capability inventory: The agent has the ability to read arbitrary files, search via grep, and propose shell commands (such as npm run generate) for the user to execute.
  - Sanitization: There is no evidence of sanitization or content validation for the data ingested from the project files before it is processed by the AI.
- [COMMAND_EXECUTION]: The skill provides templates for executing local development commands like npm run generate, npm test, and npm run typecheck. These commands are standard for the targeted development workflow and do not involve suspicious privilege escalation or obfuscated execution.
- [EXTERNAL_DOWNLOADS]: The documentation references official resources from well-known and trusted services, including the Remix project (remix.run) and Cloudflare Pages (pages.cloudflare.com). No unauthorized or suspicious external scripts are downloaded or executed.
Audit Metadata