improve-codebase-architecture
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `gh issue create` command to programmatically create issues on GitHub based on generated design RFCs.
- [DATA_EXFILTRATION]: The instructions explicitly direct the agent to skip human review before creating issues ("Do NOT ask the user to review before creating — just create it"). This autonomous behavior could result in the external transmission of sensitive codebase details or architectural analysis without explicit user approval.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) due to the ingestion and processing of untrusted codebase content.
  - Ingestion points: Files throughout the codebase are read and analyzed during the exploration phase in Step 1.
  - Boundary markers: None; there are no instructions providing delimiters or warnings to ignore malicious content embedded within the analyzed files.
  - Capability inventory: The skill has the ability to spawn multiple sub-agents in parallel and perform write operations to an external service (GitHub).
  - Sanitization: There is no evidence of sanitization or validation of the ingested codebase content before it is used to drive sub-agent tasks or included in the final issue report.
Audit Metadata