architect
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from a project's codebase to generate architectural assessments. An attacker could embed malicious instructions in code comments or metadata to influence the analysis results or subsequent actions.
  - Ingestion points: The skill reads arbitrary files from the project root during the Sweep (Phase 2) and Deep Dive (Phase 3) phases as described in `SKILL.md`.
  - Boundary markers: The prompts used to dispatch subagents (e.g., in Step 2 and Step 3 of Phase 2/3) do not utilize explicit boundary markers or instructions to ignore embedded commands within the analyzed code.
  - Capability inventory: The skill possesses the capability to execute shell commands via `scripts/architect.sh`, write files to the local system, and perform `git push` operations.
  - Sanitization: There is no logic present to sanitize, escape, or validate the content of the files being analyzed before they are processed by the subagents or included in the final assessment artifact.
- [COMMAND_EXECUTION]: The skill executes a local bash script (`scripts/architect.sh`) and uses standard Git commands for project detection, state management, and committing results. This is core to its architectural review functionality.
- [DATA_EXFILTRATION]: The skill automatically performs `git push` to upload the generated architecture assessment to the project's remote repository. This is an intentional feature for documenting architecture within the repository but represents an automated network operation.
Audit Metadata