ai-pdlc-navigator

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions provide standard shell commands for environment setup, diagram regeneration, and repository maintenance (files: README.md, SKILL.md). These commands are intended for local execution and are aligned with the skill's purpose as a developer workflow aid.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing untrusted user data to generate documentation artifacts. Ingestion points: User-provided seed vision documents (file: SKILL.md, Path 6). Boundary markers: The skill does not employ specific delimiters to isolate user-provided data from instructions. Capability inventory: The skill possesses the capability to write multiple markdown files and create directories within the user's project (file: SKILL.md). Sanitization: User-provided content is not sanitized before being interpolated into generated files.
  • [SAFE]: The skill is a documentation-centric resource authored by a trusted vendor resource (aws-samples). It incorporates comprehensive security and compliance roles and does not exhibit malicious patterns such as data exfiltration or credential harvesting.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 09:23 AM
Security Audit — agent-trust-hub — ai-pdlc-navigator