agent-architecture-audit

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Flagged category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill's primary function is to analyze untrusted external data from codebases and logs, presenting a surface for indirect prompt injection.
  • Ingestion points: The auditing workflow defined in SKILL.md (Phase 2: Evidence Collection) directs the agent to read and search through various files in a target application.
  • Boundary markers: There are no instructions for the agent to use delimiters or specifically ignore embedded prompts when processing the content of these files.
  • Capability inventory: The skill is granted extensive capabilities, including Read, Write, Edit, and Bash access (listed in the SKILL.md frontmatter).
  • Sanitization: The workflow lacks specific steps for sanitizing or validating the contents of the files before they are ingested into the agent's context.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 19, 2026, 06:50 AM
Security Audit — agent-trust-hub — agent-architecture-audit