ddd-guide
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill implements a 'File Crawling' technique that requires the agent to read and process every file in a codebase.
  - Ingestion points: Systematically reads all files discovered via `find` commands in `references/phases/03-implementation-planning.md` and `references/core-concepts/file-crawling.md`.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions found within the files being processed.
  - Capability inventory: The agent is given capabilities to execute shell commands (`find`, `git`, `sed`, `grep`, `rm`), modify files, and commit changes.
  - Sanitization: Absent. The agent is directed to 'read full file' and 'understand' content to implement code changes.
- Command Execution (SAFE): The skill provides templates for standard Linux command-line utilities.
  - Evidence: Uses `find`, `grep`, `sed`, and `git` for legitimate workflow state management, such as maintaining a checklist in `/tmp/checklist.txt`. No high-risk operations or privilege escalation attempts were detected.
Audit Metadata