skills/ahgraber/skills/sdd-translate/Gen Agent Trust Hub

sdd-translate

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in Phase 5 ("Schema Snapshot") direct the agent to execute shell commands specified in a local configuration file (.specs/.sdd/schema-config.yaml). If this configuration file is maliciously crafted or modified by an attacker, the agent may execute arbitrary code on the host system when attempting to generate schema snapshots.
  • [PROMPT_INJECTION]: The skill's core function is to read and process untrusted external data (Jira tickets, Confluence pages, Word docs, etc.). These sources could contain malicious instructions designed to hijack the agent's behavior during the translation process (Indirect Prompt Injection). The skill lacks explicit boundary markers or sanitization instructions to prevent the agent from obeying instructions embedded within the source documents.
  • [DATA_EXPOSURE]: Phase 1 involves reading 'all source files' which may include sensitive internal documentation or requirements. While this is necessary for the skill's function, users should ensure the agent's access is restricted to the relevant project directories.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 12:44 PM