architecture-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/analyze-project.jsuseschild_process.spawnto execute package managers (npm,yarn,pnpm) with the--versionflag. This is done to determine the version of the environment tools as part of the architecture analysis. The command strings are derived from a static mapping based on the presence of lock files. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests untrusted data from the local filesystem during project analysis.
- Ingestion points: Project configuration files (e.g.,
package.json,tsconfig.json,next.config.js) and directory names are read usingfs.readFileandfs.readdirinscripts/analyze-project.jsand various detectors. - Boundary markers: Absent. The generated Markdown and summary reports include data extracted from these files without explicit delimiters or instructions for the AI to ignore potentially embedded commands.
- Capability inventory: The skill has the capability to read any file within the provided project path and write analysis reports to disk via
fs.writeFileSync. It also has limited command execution capabilities viaspawn. - Sanitization: The content extracted from the files is parsed as JSON or processed as strings but is not sanitized to prevent its contents from being interpreted as instructions by a downstream LLM.
Audit Metadata