arch-review
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to generate formatted timestamps for its architecture review reports using the `date` command.
- [DATA_EXPOSURE]: The skill requires access to read local design documents and rule files (e.g., in `.claude/skills/control-tower/rules/`). It also has `Write` permissions to create new review reports in `spec/arch-review/` and automatically update existing specification files in the `spec/` directory.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the `WebSearch` tool to research architectural patterns, tradeoffs, and comparisons online to ground its evaluation in industry standards.
- [PROMPT_INJECTION]: As the skill ingests and processes untrusted design documents provided by the user, it is theoretically subject to indirect prompt injection. The skill lacks specific boundary markers or sanitization logic for this ingested content, though its primary function is to analyze the content rather than execute instructions within it.
  - Ingestion points: Design documents and spec files read from the workspace via `Read`, `Grep`, and `Glob` tools.
  - Boundary markers: None identified for the processed design document content.
  - Capability inventory: Includes `Bash` for timestamps, `Write` for saving reports and updating project specs, and `AskUserQuestion` for interactive feedback.
  - Sanitization: No explicit sanitization or filtering of the ingested design document content is described.
Audit Metadata