software-architecture

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill explicitly instructs the agent to 'ALWAYS search for existing solutions before writing custom code' and specifically recommends checking npm for libraries. While this is standard development practice, for an automated agent it creates a risk of software supply chain attacks: the agent may inadvertently suggest or install malicious or typosquatted packages found during its search.
  • [INDIRECT_PROMPT_INJECTION] (LOW): By directing the agent to ingest and act upon data from external sources (npm package metadata and SaaS descriptions), the skill creates an attack surface where instructions embedded in third-party package descriptions could influence the agent's behavior.
  • [COMMAND_EXECUTION] (SAFE): The skill does not contain direct shell commands or subprocess execution calls; it focuses on architectural principles and code style.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 03:07 AM