Skills
skills/gentleman-programming/agent-teams-lite/sdd-apply/Gen Agent Trust Hub

sdd-apply

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The skill determines test commands by reading external project files such as package.json (scripts.test) and config.yaml (rules.apply.test_command). This creates a risk where a malicious repository could cause the agent to execute arbitrary shell commands.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. 1. Ingestion points: reads tasks.md, spec.md, design.md, and config.yaml to guide implementation logic. 2. Boundary markers: no explicit delimiters or instructions to ignore embedded commands are specified for these inputs. 3. Capability inventory: filesystem access, memory persistence via mem_save/mem_update, and shell command execution for testing. 4. Sanitization: none.
  • [NO_CODE]: The skill consists entirely of markdown instructions and does not include any accompanying script files or binary executables.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 01:27 PM