elixir-architect
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it collects untrusted data and persists it into instruction-heavy files intended to guide subsequent agent operations. This allows an attacker to influence the 'guardrails' and 'philosophies' of the project.
  - Ingestion points: User-provided requirements in Phase 1 and parallel research task results in Phase 2.
  - Boundary markers: The skill lacks delimiters or 'ignore' instructions when interpolating gathered data into generated files.
  - Capability inventory: Extensive file-writing operations across multiple phases (Phases 3 through 6) and the ability to launch subprocess research tasks (Phase 2).
  - Sanitization: No sanitization or validation of external inputs is performed before they are written to critical documentation like CLAUDE.md, NEVER_DO.md, and ALWAYS_DO.md.
- [COMMAND_EXECUTION]: The skill requests an absolute path from the user for project creation and executes multiple file-writing operations. Without strict path validation, this capability could be exploited to overwrite sensitive system files or configuration if the agent is provided with a malicious absolute path.
Audit Metadata