sdd-init
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection as it reads and processes multiple untrusted project-level files to build its configuration and skill registry.
  - Ingestion points: Reads `package.json`, `go.mod`, `pyproject.toml`, `agents.md`, `CLAUDE.md`, `.cursorrules`, and other project metadata files in `SKILL.md`.
  - Boundary markers: None identified; detected context is directly interpolated into `openspec/config.yaml` and `.atl/skill-registry.md`.
  - Capability inventory: Performs file system writes (directory/file creation) and utilizes the `mem_save` tool for context persistence as seen in `SKILL.md`.
  - Sanitization: No explicit sanitization or validation of the content read from the project files is described.
- [DATA_EXFILTRATION]: The skill scans user-level directories (e.g., `~/.claude/skills/`, `~/.config/opencode/skills/`) to build a skill registry. While this involves reading from the home directory, the behavior is constrained to specific tool-related subdirectories and used only for local configuration purposes, not external transmission.