sdd-verify
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill identifies and executes test and build commands from standard project files such as package.json, pyproject.toml, Makefile, and openspec/config.yaml. This is essential for its primary purpose of behavioral verification.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the repository being verified, including specifications, design documents, and test outputs. This presents a surface for indirect prompt injection. (1) Ingestion points: mem_get_observation calls, local openspec files, and stdout from test/build commands. (2) Boundary markers: None explicitly defined to separate untrusted data from instructions. (3) Capability inventory: Ability to save artifacts via mem_save and execute shell commands via detected test runners. (4) Sanitization: No explicit sanitization or filtering of external content is mentioned before processing.
Audit Metadata