architecture-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation in VIOLATIONS.md includes shell commands using grep to search for architectural violations in the codebase, such as searching for specific class instantiations or database access patterns.
- [PROMPT_INJECTION]: The skill performs analysis on project source code, which acts as a vector for indirect prompt injection where instructions embedded in the analyzed files could influence agent behavior.
- Ingestion points: Local project files, particularly within the lib/ directory, are read via mcp__dart__analyze_files and grep.
- Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted code content from the analysis instructions.
- Capability inventory: The skill has access to file analysis tools (mcp__dart__analyze_files) and shell command execution (grep).
- Sanitization: There is no evidence of sanitization or validation of the ingested code content before it is processed.
Audit Metadata