cosmograph
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests untrusted data from the user's codebase.
  - Ingestion points: The agent is instructed to read source files, manifests, and project configurations across the repository to identify architectural entities.
  - Boundary markers: No specific delimiters or "ignore instructions" warnings are provided to the agent to separate content-to-be-modeled from instructions embedded in code comments or strings.
  - Capability inventory: The agent has the capability to read any file in the project and write output to the architecture/output/ directory.
  - Sanitization: There is no evidence of sanitization or validation of the extracted labels, symbols, or notes before they are written to the JSON datasets.
- [COMMAND_EXECUTION]: The skill requires the agent to perform extensive file system operations, walking the directory tree and reading various project files to discover architectural metadata.
Audit Metadata