sdd-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate task-breakdown activities using internal tool calls (mem_search, mem_save). Behavior aligns with the stated purpose of organizing development workflows.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input from design and specification documents. While it lacks explicit sanitization, the risk is minimal given the output is restricted to markdown checklists.
  1. Ingestion points: Retrieves proposal, spec, and design content via mem_get_observation in SKILL.md.
  2. Boundary markers: Absent; no specific delimiters or ignore-instructions are used when interpolating document content.
  3. Capability inventory: The skill can call mem_save and write files to the openspec/changes/ path.
  4. Sanitization: Absent; the skill does not validate the content of retrieved observations before processing.