improve-codebase-architecture

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and analyze external codebase content, including source files, ADRs, and documentation. This creates a potential vector for indirect prompt injection if malicious instructions are embedded within the project files being analyzed.
    • Ingestion points: The workflow involves reading CONTEXT.md, ADRs, and walking the codebase organically.
    • Boundary markers: No specific delimiters or 'ignore instructions' warnings are present to isolate analyzed code from agent instructions.
    • Capability inventory: The skill allows access to high-privilege tools such as Bash, Write, and Edit (defined in allowed-tools), which could be exploited if the agent follows instructions hidden in the data.
    • Sanitization: No sanitization or validation of the ingested code content is performed before processing.
  • [COMMAND_EXECUTION]: The skill requests and utilizes the Bash tool to perform codebase analysis. While this is within the scope of its stated purpose (architectural analysis), it represents a high-capability tool that increases the potential impact of other vulnerabilities such as indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 02:48 PM