map-architecture
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the repository's source code to generate architecture documentation.
- Ingestion points: The agent traverses the codebase to identify screens, interfaces, functions, and data flow patterns as described in Step 3 of the workflow.
- Boundary markers: No specific delimiters or instructions are provided to the agent or its spawned sub-agents to ignore or treat codebase content as data rather than instructions.
- Capability inventory: The skill is capable of writing multiple Markdown files to the filesystem (architecture/ directory) and can delegate tasks to up to three sub-agents, extending the execution context.
- Sanitization: There are no mechanisms mentioned for sanitizing or escaping the content read from the codebase before it is incorporated into the agent's internal model or output artifacts.
Audit Metadata