team-architect
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the untrusted data it is designed to process.
- Ingestion points: The agent ingests git diffs, task specifications, ADRs, and design documents as described in SKILL.md.
- Boundary markers: The skill lacks explicit boundary markers or instructions to disregard potential commands embedded within the reviewed code or documents.
- Capability inventory: While the skill itself does not execute code, its output (APPROVED/CHANGES_REQUIRED) likely controls the progression of an automated development pipeline.
- Sanitization: There is no evidence of input sanitization to filter out malicious instructions hidden in code comments or metadata.
- [NO_CODE]: The skill contains no executable code or scripts, which significantly reduces the attack surface for categories like remote code execution or privilege escalation.
Audit Metadata