skf-refine-architecture
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a well-defined multi-step process for architecture analysis, including gap detection, issue identification, and improvement suggestions.
- [SAFE]: Project-specific configuration files (config.yaml, preferences.yaml) are correctly used to resolve local paths and parameters within the BMAD framework context.
- [SAFE]: The workflow incorporates state durability by maintaining findings in a local state file, ensuring consistency across long-running analysis sessions.
- [PROMPT_INJECTION]: The skill processes user-provided architecture documents to perform prose-based co-mention analysis. This creates a surface for indirect prompt injection where adversarial text in a document could attempt to influence the agent's logic. This risk is documented as a characteristic of the skill's primary purpose.
- Ingestion points: Architecture documents are ingested from local paths specified by the user in
step-01-init.md. - Boundary markers: The instructions do not employ specific XML tags or delimiters for the ingested prose content.
- Capability inventory: The skill has capabilities for reading and writing files within the project's output and forge data folders.
- Sanitization: No specific sanitization or filtering of the document prose is performed before the integration claim extraction step.
Audit Metadata