sdd-spec-gc
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill incorporates a robust safety model featuring a dry-run reporting phase and an explicit user confirmation gate (Step 4) that must be passed before any file modifications are applied.
- [COMMAND_EXECUTION]: Uses grep or ripgrep for codebase searches to detect orphaned references (Step 2). This is a read-only discovery operation conducted on local project files and does not involve the execution of untrusted external code.
- [PROMPT_INJECTION]: The skill processes requirement text from local specification files, which constitutes an indirect prompt injection surface. (1) Ingestion points: Requirement blocks are read from openspec/specs//spec.md (Step 2). (2) Boundary markers: Absent; the skill extracts text based on Markdown headers. (3) Capability inventory: The skill can delete identified text blocks from local spec files (Step 5), update a local changelog (Step 6), and run search commands (Step 2). (4) Sanitization: Absent. Note: The risk of indirect injection is mitigated by the fact that the agent treats the requirement text as data to be analyzed or deleted, rather than instructions to be followed, and all actions are subject to user review.
Audit Metadata