improve-codebase-architecture
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate codebase analysis and refactoring tasks. It operates on project files to provide architectural insights and does not perform any network operations or access sensitive system credentials.
- [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection because it ingests and processes untrusted codebase content and documentation (ADRs, glossaries) to fulfill its primary purpose of architectural analysis. This is a low-risk factor typical for tools of this nature.
- Ingestion points: Project codebase files explored via sub-agents,
CONTEXT.md, anddocs/adr/files. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill can read codebase files, write to architectural documentation (
CONTEXT.md, ADR files), and spawn sub-agents for specialized design tasks. - Sanitization: No specific sanitization or validation of external content was identified.
Audit Metadata