sdd-init
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from project files and skill directories without clear boundary markers or sanitization.
- Ingestion points: The skill reads project configuration files (package.json, go.mod, pyproject.toml), project-level instructions (CLAUDE.md, .cursorrules), and other skill definitions (*/SKILL.md) to detect context.
- Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded in the external data being processed.
- Capability inventory: The skill has the capability to write to the file system (.atl/skill-registry.md) and persist state to the agent's long-term memory (mem_save).
- Sanitization: Absent. Content extracted from external files is directly used to generate the registry and project context without validation or escaping.
Audit Metadata