scan-backend-patterns
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No security findings identified. The skill instructions follow best practices for documentation generation and limit activities to local file system reads and writes within the project scope. The use of the
TaskCreatetool to manage workflow is a standard operational procedure for this type of agent skill. - [COMMAND_EXECUTION]: The workflow involves searching the repository for specific code patterns (e.g., using grep for interface naming, repository patterns, and entity classes). This operation is necessary for the skill's primary purpose of architectural discovery and is performed on local files.
- [PROMPT_INJECTION]: The skill processes untrusted project data (source code, configuration files), making it theoretically susceptible to indirect prompt injection if an attacker embeds instructions in code comments. However, since the skill's actions are limited to generating documentation and do not involve network exfiltration or code execution, the risk is negligible.
Audit Metadata