sdd-apply
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The agent is instructed to identify and execute test runners based on project configuration files like package.json, pyproject.toml, or a custom config.yaml. This is a core functional requirement for the implementation cycle to verify code changes.
- [PROMPT_INJECTION]: The skill loads instructions from external project artifacts and a skill registry, creating a surface for indirect prompt injection if those files contain adversarial content.
  - Ingestion points: Reads instructions from tasks.md, .atl/skill-registry.md, and architectural artifacts (spec, design, proposal) retrieved from the memory store.
  - Boundary markers: The instructions do not specify delimiters or constraints for the content of these external files.
  - Capability inventory: The agent can perform memory updates, save new observations, and execute shell commands identified as test runners.
  - Sanitization: There is no documented logic for sanitizing or filtering instructions retrieved from external project-controlled files before they are followed.
Audit Metadata