architecture-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates entirely within the local project environment, reading design and architecture documents. All file writing operations are preceded by a user confirmation request via the AskUserQuestion tool.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests and processes untrusted markdown content from project GDDs, ADRs, and stories. This is a low-risk pattern typical of document analysis skills.
- Ingestion points: Markdown files located in design/gdd/, docs/architecture/, and production/epics/.
- Boundary markers: The skill does not implement explicit delimiters or boundary markers when interpolating document content into its processing context.
- Capability inventory: The skill uses Read, Glob, Grep, and Write tools for file operations, and the Task tool for subagent consultation.
- Sanitization: No input sanitization or escaping is performed on the ingested markdown text before it is used for report generation.
Audit Metadata