sdd-propose
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through the ingestion of untrusted external content. 1. Ingestion points: The skill reads from a dynamic 'skill-registry', 'exploration analysis' from previous steps, and direct user descriptions in SKILL.md. 2. Boundary markers: No explicit delimiters or instructions to disregard embedded commands are used when processing these inputs. 3. Capability inventory: The skill can write to the local filesystem (proposal.md) and the agent's memory (mem_save). 4. Sanitization: There is no evidence of validation, filtering, or escaping for the ingested content.
Audit Metadata