gravito-architect
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves a legitimate purpose for software development by providing templates and checklists for technical architecture analysis. It helps developers document logic, API interfaces, and design decisions using structured templates.
- [COMMAND_EXECUTION]: The skill instructions utilize 'Read' and 'Glob' tools to access local files within the user's workspace. These tools are used to ingest source code, type definitions, and test cases necessary for generating technical documentation.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data from local files.
- Ingestion points: Source code and related files are read into the agent's context during Step 2 of the workflow.
- Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating file content.
- Capability inventory: The skill is limited to reading files ('Read') and searching the file system ('Glob'), with no capabilities for network exfiltration or shell execution.
- Sanitization: No validation or sanitization is performed on the ingested code files before analysis.
Audit Metadata