sdd-tasks
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill performs extensive reading of external project files such as design documents, specifications, and context files (ai-context/, CLAUDE.md, design.md). This creates an indirect prompt injection surface where instructions embedded in these files could influence the agent to generate malicious or incorrect tasks in the final plan.
- Ingestion points: Multiple files including ai-context/, CLAUDE.md, openspec/specs/, design.md, and proposal.md.
- Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the source files.
- Capability inventory: File reading and writing to tasks.md; no direct command execution capabilities are utilized.
- Sanitization: None; the agent is instructed to treat the loaded content as an authoritative behavioral contract or enrichment.