apply-rubric
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks detected. The skill implements a structured 'three-pass' evaluation pattern (Extractor, Evaluator, Challenger) which increases the reliability of its analysis and reduces common AI inference weaknesses.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing user-provided architecture artifacts.
  * Ingestion points: User-supplied architecture artifacts (markdown, PDF, Word) processed in Step 3.
  * Boundary markers: The prompt templates in references/agent-prompts.md lack explicit delimiters or instructions to disregard embedded commands within artifact content.
  * Capability inventory: The skill uses an Agent tool to spawn sub-agents and performs file read/write operations for rubric management and report generation.
  * Sanitization: No explicit sanitization or content validation is performed on the ingested artifacts.
Audit Metadata