architect-pro
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Remote Code Execution] (HIGH): The documentation in repository-analysis.md and monorepo-strategies.md explicitly recommends running `npx repomix@latest`. That command resolves the version at invocation time and downloads and executes whatever the npm registry currently serves as `latest`, with no version pin and no lockfile integrity check, under the caller's privileges. It bypasses local dependency controls and trusts an external source on every run.
- [Prompt Injection] (HIGH): The skill describes building 'Autonomous Agents' that use tools to pack and analyze remote repositories (repository-analysis.md) and then execute actions based on that analysis (ai-integration.md). Text inside an analyzed repository therefore reaches the model with the same standing as the operator's instructions, which is a high-severity Indirect Prompt Injection surface. Evidence:
  1. Ingestion points: remote GitHub repositories via `repomix --remote`.
  2. Boundary markers: none mentioned for ingested code content.
  3. Capability inventory: `executeTool` calls in autonomous agent loops and in Next.js Server Actions.
  4. Sanitization: no logic provided to sanitize, quarantine, or ignore instructions embedded within the ingested codebase files.
- [Command Execution] (MEDIUM): The skill promotes executing shell commands such as `git grep` and `grep` (monorepo-strategies.md) over repository content the agent does not control. If filenames, patterns, or file content are interpolated into a shell string, or passed where the command can parse them as options, without adequate escaping, a crafted repository can turn the search step into command or argument injection.
Recommendations
- AI detected serious security threats
Audit Metadata