skills/fearovex/claude-config/sdd-new/Gen Agent Trust Hub

sdd-new

Fail

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's 'Skill Resolution' logic prioritizes project-local skill files ('.claude/skills/') over global ones. This allows a malicious repository to shadow legitimate sub-agent instructions with attacker-controlled content, effectively hijacking the sub-agent's execution flow.
  • [PROMPT_INJECTION]: Sub-agents are explicitly instructed to read local files and 'Follow its instructions exactly'. This creates a critical indirect prompt injection vector where content from files in the current (potentially untrusted) working directory can take total control of sub-agent behavior.
  • [DATA_EXFILTRATION]: The skill provides sub-agents with the absolute path of the current working directory and instructions to access the user's home directory (~/.claude/skills/). This exposure, combined with the potential for skill hijacking via local overrides, could lead to the theft of sensitive information or credentials from the user's environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 30, 2026, 11:24 AM