sdd-verify
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to run arbitrary commands defined in the project's `config.yaml` file (keys: `verify_commands`, `verify.test_commands`, `verify.build_command`, `verify.type_check_command`). This is a high-risk capability if the project configuration is controlled by an untrusted party.
- [REMOTE_CODE_EXECUTION]: The skill automatically detects and executes scripts from project-controlled files like `package.json` (`scripts.test`), `Makefile`, and `pytest.ini`. This leads to the execution of untrusted code defined in the repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external artifacts (specs, designs, and tasks) to generate reports and calculate a pass/fail verdict.
  - Ingestion points: Step 1 reads task, spec, and design artifacts via `mem_search` and `mem_get_observation` (SKILL.md).
  - Boundary markers: Absent; instructions do not specify the use of delimiters for the ingested data.
  - Capability inventory: Access to the `Bash` tool (Steps 6 and 7) and data persistence via `mem_save` (Step 10).
  - Sanitization: Absent; content is analyzed directly for correctness and completeness checks.
- [DATA_EXFILTRATION]: The ability to run arbitrary shell commands defined in project-local configuration files provides a vector for exfiltrating sensitive environment data or local files using standard CLI tools if the project configuration is malicious.
Audit Metadata