implementing-architecture
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute a local Python utility script:
python3 ~/.codex/arch-compiler/tools/archcompiler_preflight.py --app-repo <app-repo> --mode implement. This script is intended for environment verification but involves running code from a local directory. - [PROMPT_INJECTION]: The skill processes external, potentially untrusted documentation and configuration files to guide code implementation, which presents an indirect prompt injection surface.
- Ingestion points: Architectural artifacts (
architecture.yaml,selected-patterns.yaml,patterns/*.json) and external functional requirements sources (design docs, user stories). - Boundary markers: There are no specified instructions to wrap or delimit these inputs to prevent them from influencing the agent's behavior.
- Capability inventory: The agent can write application code, generate plans, and execute local shell commands.
- Sanitization: The instructions do not mention sanitizing or validating the content of the ingested documentation files.
Audit Metadata