architecture-design
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses emphatic instructional framing (e.g., 'MANDATORY IMPORTANT MUST ATTENTION') to enforce strict adherence to the defined architectural workflow and prevent the agent from making autonomous decisions without user consultation. These patterns are used for process control rather than bypassing safety filters.
- [DATA_EXFILTRATION]: The skill contains an indirect prompt injection surface related to its data processing workflow. Findings include:
  - Ingestion points: Context is loaded from files in 'plans/' and 'team-artifacts/' (SKILL.md, Step 1).
  - Boundary markers: The instructions lack explicit delimiters or sanitization commands when processing content from these external project files.
  - Capability inventory: The agent utilizes 'WebSearch', 'TaskCreate', 'AskUserQuestion', and performs file writes to create architecture reports and phase documentation.
  - Sanitization: No validation or filtering of artifact content is performed before the data is used to influence the 'WebSearch' queries or final report generation.
Audit Metadata