gdd
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to automate project workflows, including Git operations (pull, push, commit, checkout), running test suites (e.g., npm test, rspec), and executing linters (e.g., eslint, rubocop). - [DATA_EXFILTRATION]: As part of the 'pack-up' phase, the skill pushes code changes to remote repositories and creates Pull Requests using the
ghCLI tool. - [PROMPT_INJECTION]: The skill processes data from external sources that could potentially contain malicious instructions intended to influence the agent's actions.
- Ingestion points: Task metadata and descriptions are fetched from Jira issues and visual context is retrieved from Figma designs in sub-skills/init/SKILL.md and sub-skills/plan/SKILL.md.
- Boundary markers: No explicit delimiters or instructions are used to treat content from Jira or Figma as untrusted.
- Capability inventory: The skill possesses extensive capabilities including file system modification (Write, Edit), shell execution (Bash), and the ability to spawn sub-agents (Agent).
- Sanitization: Content from external sources is not sanitized or validated before being used to generate implementation plans or execute code.
Audit Metadata