skills/9ashwin/on-my-sdd/sdd-workflow/Gen Agent Trust Hub

sdd-workflow

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a procedural development workflow focused on specification management and execution routing. It does not contain any executable code, network operations, or sensitive data access patterns.
  • [PROMPT_INJECTION]: No malicious injection patterns or safety bypasses were detected. The skill includes an explicit instruction to prioritize the user's direct requests, ensuring the agent remains under user control even if the workflow is bypassed.
  • [EXTERNAL_DOWNLOADS]: The skill mentions external tools and command-line interfaces such as 'openspec' and '/opsx', but it does not provide URLs or instructions to download these from untrusted sources. These are treated as existing environment-specific tools.
  • [DATA_EXFILTRATION]: No patterns associated with data exfiltration or harvesting of sensitive credentials (e.g., .ssh, .aws, .env) were found. The skill operates exclusively on project artifacts in the 'openspec/' directory.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 09:27 AM