skill-architect
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-defined workflow descriptions to generate instructions for new skills, creating an attack surface for indirect prompt injection where malicious user input could be incorporated into the resulting skill code.
- Ingestion points: User-provided descriptions of workflows, use cases, and triggers during the Discovery and Architecture phases (SKILL.md).
- Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when the agent interpolates user input into the drafted instructions, so the model has no signal separating the user's description from the skill's own directives.
- Capability inventory: The skill uses `present_files` to create and write instructions to a new `SKILL.md` file.
- Sanitization: No validation or sanitization of the user-provided workflow content is performed before drafting the instructions.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a provided Python script (`scripts/validate_skill.py`) to perform static analysis on generated skill files. This script operates locally and does not perform network operations or execute arbitrary shell commands.
- [SAFE]: The author name 'Felipe Rodrigues' in the skill metadata differs from the platform-reported author 'marcioaltoe'. This inconsistency is documented neutrally as it likely reflects template usage or distribution rather than a malicious deception attempt.
Audit Metadata