architecture-reviewer
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script, scripts/scan_codebase.sh, to analyze the structure, language distribution, and infrastructure configuration of user-provided codebases. This script uses standard Unix utilities (find, grep, wc) and is essential for the skill's primary review functionality.
- [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its primary purpose is to ingest and analyze untrusted external content, such as architecture documents, RFCs, and source code comments.
- Ingestion points: User-provided documentation and codebase files (e.g., SKILL.md Phase 1 and scripts/scan_codebase.sh).
- Boundary markers: While the skill enforces a rigid report template and scoring rubric, it lacks explicit delimiters or instructions to ignore embedded prompts within the analyzed content.
- Capability inventory: The agent has the ability to execute shell scripts and read local file system data.
- Sanitization: There is no evidence of sanitization or filtering logic to prevent the agent from obeying instructions hidden within the data being reviewed.
Audit Metadata