faion-sdd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent safety or bypass system constraints were detected. The skill uses instructional language consistent with its purpose as a development framework.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or unauthorized network operations were found. The skill includes a 'Constitution' template that explicitly instructs users to avoid committing secrets and to use environment variables for sensitive data.
- [Unverifiable Dependencies] (SAFE): The documentation mentions several tools (e.g., Spectral, Prism, CodeRabbit), but only references them as industry-standard development tools. No patterns that execute remote scripts (e.g., curl | bash) were found.
- [Obfuscation] (SAFE): No Base64 encoding, zero-width characters, or homoglyphs were detected in any of the analyzed files.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process user requirements and stories. However, the risk is mitigated by its 'Quality Gate' system and 'Human Approval' requirements defined in the methodology checklists.