sdd-propose
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting data from multiple untrusted sources without sufficient safeguards.
  - Ingestion points: The skill reads all markdown files within the ai-context/features/ directory (Step 0b) and architectural documentation from ai-context/architecture.md (Step 1). It also retrieves prior data from the engram memory service via mem_search and mem_get_observation (Steps 1, 3a, 5).
  - Boundary markers: No delimiters or instruction-ignore warnings are specified to separate external data from the agent's core instructions during the proposal generation process.
  - Capability inventory: The skill has the capability to write to the system's memory service using the mem_save tool (Step 3b).
  - Sanitization: There is no evidence of validation, escaping, or filtering applied to the content retrieved from local files or memory before it is processed by the model.
Audit Metadata