architecture
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses the user-provided
$ARGUMENTSvariable to construct file paths (e.g.,docs/<feature-name>/requirements.md) without validation. This creates a potential path traversal vulnerability where a malicious user could attempt to read or write files outside the intended directory by providing a string like../../etc/passwd.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external files and processes it as part of its reasoning process without isolation.\n - Ingestion points: The agent reads the requirements document from the local filesystem at
docs/<feature-name>/requirements.md.\n - Boundary markers: None. The skill does not instruct the agent to use delimiters or ignore instructions that may be embedded within the requirements file.\n
- Capability inventory: The agent requires file system read and write permissions to generate the architecture document.\n
- Sanitization: None. There is no evidence of validation or sanitization for either the user-supplied argument or the content of the requirements file before it is processed by the AI.
Audit Metadata