architect
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze external content from project files, which creates an indirect prompt injection surface.
- Ingestion points: Processes files provided in context, specifically
Requirements-final.mdandExperience-final.md(as defined in the 'Process' and 'Agent Coordination' sections). - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore embedded instructions within the ingested files.
- Capability inventory: The skill is restricted to reasoning, planning, and markdown generation (
02-definition/feasibility-v1.md). It does not contain explicit commands for network access or subprocess execution. - Sanitization: Absent. There is no mention of sanitizing or validating the content of the external files before processing.
- [Data Exposure] (INFO): The skill requires access to the entire 'Codebase' for analysis. While this is necessary for its function as an architect, it represents a significant data access surface that relies on the underlying agent's environment security.
Audit Metadata