improve-codebase-architecture

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses operating system commands (xdg-open, open, or start) to automatically open generated HTML files from the temporary directory in the user's default browser or file manager.
  • [EXTERNAL_DOWNLOADS]: The generated architectural reports load external CSS and JavaScript libraries (Tailwind CSS and Mermaid.js) from public CDNs (tailwindcss.com and jsdelivr.net).
  • [DYNAMIC_EXECUTION]: The skill generates an HTML report that configures the Mermaid.js library with securityLevel: "loose". This setting allows the execution of scripts and processing of certain HTML tags within diagrams. If the codebase being analyzed contains malicious content that is included in a diagram, it could result in Cross-Site Scripting (XSS) when the user opens the generated report.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: The skill reads CONTEXT.md, Architecture Decision Records (ADRs), and explores the wider project codebase via a sub-agent to inform its report content.
  • Boundary markers: None identified.
  • Capability inventory: File system writes to temporary directories, system command execution (open, xdg-open), and the ability to modify project documentation (CONTEXT.md).
  • Sanitization: There is no mention of sanitizing or escaping content retrieved from the codebase before it is embedded into the final HTML report.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 21, 2026, 06:42 AM
Security Audit — agent-trust-hub — improve-codebase-architecture