Skills
skills/flight505/claude-project-planner/architecture-research/Gen Agent Trust Hub

architecture-research

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to execute a local Python script (generate_schematic.py) via the Bash tool to automate diagram generation. This script is part of an integrated diagramming skill and operates on local paths.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of researching external technology documentation.
  • Ingestion points: Untrusted data is retrieved from external websites using WebSearch and WebFetch tools as specified in SKILL.md.
  • Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the researched content.
  • Capability inventory: The skill has access to Bash, Write, and Edit tools, which could be targeted if the agent follows instructions found in external data.
  • Sanitization: There is no mention of sanitizing or filtering the content retrieved from the web before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 11:16 AM