architecture

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses the user-provided $ARGUMENTS variable to construct file paths (e.g., docs/<feature-name>/requirements.md) without validation. This creates a potential path traversal vulnerability where a malicious user could attempt to read or write files outside the intended directory by providing a string like ../../etc/passwd.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external files and processes it as part of its reasoning process without isolation.\n
  • Ingestion points: The agent reads the requirements document from the local filesystem at docs/<feature-name>/requirements.md.\n
  • Boundary markers: None. The skill does not instruct the agent to use delimiters or ignore instructions that may be embedded within the requirements file.\n
  • Capability inventory: The agent requires file system read and write permissions to generate the architecture document.\n
  • Sanitization: None. There is no evidence of validation or sanitization for either the user-supplied argument or the content of the requirements file before it is processed by the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 07:30 PM
Security Audit — agent-trust-hub — architecture