data-architecture
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- Project Codebase Analysis: The skill analyzes local source code and configuration files to identify ORM entities, database drivers, and connection settings. This is standard behavior for an architecture assessment tool.
- Identification of Sensitive Data Handling: The instructions explicitly task the agent with identifying sensitive data categories such as PII, PHI, or PCI to document existing security controls or their absence. These findings are stored locally in the project's
.githubdirectory to support security auditing. - Local File Generation: The skill generates documentation in markdown format and saves it to a specific file path within the repository. It does not perform network operations or exfiltrate data to external servers.
- Indirect Prompt Injection Surface: By analyzing untrusted project files, the skill has an inherent exposure to indirect prompt injection. This is a common consideration for tools that process external source code, and the skill's activities remain focused on its primary objective of documentation.
Audit Metadata