architecture
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Overall Security Posture] (SAFE): The skill consists entirely of instructional Markdown files. There are no scripts (Python, Node.js, Shell) or binaries included.
- [Tool Permissions] (SAFE): The skill only requests 'Read', 'Glob', and 'Grep' tools, which are limited to information retrieval within the local environment. It does not request network access or file-writing capabilities.
- [Data Exposure] (SAFE): No hardcoded credentials, API keys, or sensitive file paths were detected in the documentation or templates.
- [Indirect Prompt Injection] (LOW): The skill reads external project files, which could theoretically contain malicious instructions, but the lack of high-privilege tools (like execution or network calls) reduces the risk to negligible levels. The agent is simply using the content to inform architectural suggestions.
Audit Metadata