system-architecture

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted external data.
  • Ingestion points: The orchestrator reads data from spec.md, prioritize.md, and all files in the .agents/product/flow/ directory using the Glob and Read tools.
  • Boundary markers: The instructions do not define explicit delimiters or 'ignore embedded instructions' warnings for the data ingested from these files before passing them to sub-agents (stack-selection, schema, etc.).
  • Capability inventory: The skill has access to powerful tools including Bash, Read, Grep, and Glob which can be used to modify the filesystem or execute shell commands.
  • Sanitization: There is no evidence of sanitization or filtering of the external markdown content before it is interpolated into agent prompts.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform technical orchestration and artifact generation. While standard for a technical design agent, this capability could be exploited if an attacker provides a malicious product specification designed to trigger command injection via the agent's shell access.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 06:09 PM