arch-flow
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to search for existing artifacts using `ls docs/plans/ 2>/dev/null | grep -i "<topic>"`. Directly interpolating user-provided topic strings into shell commands presents a risk of command injection if the input is not properly sanitized by the underlying agent or tool handler.
- [PROMPT_INJECTION]: The resume protocol and stage transitions involve reading existing files from the `docs/` directory. If these files were modified by an untrusted party or contain malicious instructions, they could influence the agent's behavior during the conversion or planning stages (Indirect Prompt Injection).
  - Ingestion points: Reads content from `docs/sketches/`, `docs/specs/`, and `docs/plans/` (SKILL.md).
  - Boundary markers: None explicitly defined to delimit documentation content from instructions.
  - Capability inventory: Access to `Bash`, `Write`, `Edit`, and `Task` tools allows for file modification and command execution.
  - Sanitization: No explicit sanitization or validation of the ingested documentation content is performed before processing.
Audit Metadata