faion-sdd-execution
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection as it ingests untrusted data from documentation files and interpolates it into agent prompts.
  - Ingestion points: Files like `spec.md`, `design.md`, and `TASK_*.md` are loaded in the `workflow-execution-phase/README.md` logic.
  - Boundary markers: Explicit boundary markers or "ignore embedded instructions" warnings are absent in the sub-agent prompt templates.
  - Capability inventory: The skill has access to sensitive tools including `Write`, `Edit`, and `Bash(ls:*)` via the orchestrator.
  - Sanitization: There is no evidence of sanitization or escaping of the ingested document content before it is processed by the agents.
- Dynamic Execution (SAFE): The skill dynamically generates and executes task files based on implementation plans. This behavior is the primary intended purpose of the skill and is conducted using local data and structured templates, posing minimal risk in its intended context.