sdd-explore

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected during the analysis. The skill's behavior is consistent with its stated purpose of project exploration.
  • [COMMAND_EXECUTION]: The skill utilizes file system search and read operations to analyze the codebase architecture and logic.
  • [DATA_EXFILTRATION]: While the skill accesses project data, it does not communicate with external servers. All artifacts are saved to an internal memory store or local markdown files according to the configured persistence mode.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by reading external codebase content and registries (Ingestion points: SKILL.md Step 1 Skill Registry and Step 3 codebase investigation). No boundary markers or sanitization are specified, but capabilities are restricted to internal memory writes and local reporting (Capability inventory: mem_save, file-read). This is assessed as SAFE given the skill's design as an internal analysis tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 01:51 PM