sdd-verify

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically identifies and executes shell commands for building and testing. It prefers test_command and build_command from openspec/config.yaml and falls back to the standard runners declared in package.json, pyproject.toml, or a Makefile, so whoever controls any of those files controls what gets executed.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted workspace content and lets that content steer its execution flow.
    ◦ Ingestion points: reads tasks.md, design.md, specs/, and configuration files (package.json, openspec/config.yaml).
    ◦ Boundary markers: absent; instructions found in these files are treated as trusted parameters of the verification logic.
    ◦ Capability inventory: executes arbitrary shell commands and performs filesystem search, read, and write operations.
    ◦ Sanitization: none; command strings and file paths taken from the workspace are neither validated nor escaped before use.
  • [REMOTE_CODE_EXECUTION]: The skill's instructions include a step (Step 1: Load Skills) that loads additional skills from a path supplied in the launch prompt, i.e. dynamic loading from a computed path; the path is whatever the prompt provides rather than a fixed, trusted skills directory.
  • [COMMAND_EXECUTION]: The skill uses mem_save to persist verification reports, which writes potentially untrusted execution output (build and test logs) back to the agent's memory or to the filesystem, depending on the mem_save mode.
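The command-resolution and Load Skills findings above, as an added example that is not the skill's code nor Gen Agent Trust Hub's: a resolver that follows the stated precedence (openspec/config.yaml, then package.json, pyproject.toml, Makefile), the shell=True pattern the audit describes beside a hardened vetting step that refuses shell syntax and allowlists the runner, and a containment check for a skill path taken from the prompt. Python is used because the skill's implementation language is not stated on this page. The ALLOWED_RUNNERS set, the flat "key: value" config scan standing in for a YAML parser, and the workspace built in demo() are assumptions constructed for the example.

```python
import json
import re
import shlex
import subprocess
import tempfile
from pathlib import Path

# Assumption: the audited skill has no allowlist; this is the hardening being shown.
ALLOWED_RUNNERS = {"npm", "pnpm", "yarn", "pytest", "python", "make", "go", "cargo"}
SHELL_META = re.compile(r"[;&|<>`$\n\r]")  # only a shell gives these any meaning


def _yaml_scalar(path: Path, key: str):
    """Flat 'key: value' scan standing in for a YAML parser (assumption: flat keys only)."""
    if not path.is_file():
        return None
    for line in path.read_text().splitlines():
        m = re.match(rf"^\s*{re.escape(key)}\s*:\s*(.+?)\s*$", line)
        if m:
            return m.group(1).strip("\"'")
    return None


def resolve_command(workspace: Path, kind: str):
    """Precedence from the finding; returns (command string, source file) or (None, None)."""
    cmd = _yaml_scalar(workspace / "openspec" / "config.yaml", f"{kind}_command")
    if cmd:
        return cmd, "openspec/config.yaml"
    pkg = workspace / "package.json"
    if pkg.is_file() and kind in json.loads(pkg.read_text()).get("scripts", {}):
        return f"npm run {kind}", "package.json"
    pyproject = workspace / "pyproject.toml"
    if kind == "test" and pyproject.is_file() and "[tool.pytest" in pyproject.read_text():
        return "pytest", "pyproject.toml"
    makefile = workspace / "Makefile"
    if makefile.is_file() and re.search(rf"^{kind}\s*:", makefile.read_text(), re.M):
        return f"make {kind}", "Makefile"
    return None, None


def run_unsafe(cmd: str, cwd: Path) -> str:
    """The pattern the audit flags: the workspace-supplied string goes straight to sh."""
    return subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True).stdout


def vet_command(cmd: str):
    """Hardened path: returns (argv, None) to run with shell=False, or (None, reason)."""
    if SHELL_META.search(cmd):
        return None, "shell metacharacter in command string"
    try:
        argv = shlex.split(cmd)
    except ValueError as exc:
        return None, f"unparseable command: {exc}"
    if not argv:
        return None, "empty command"
    # Bare names only: './node_modules/.bin/x' or '/tmp/x' would dodge the allowlist.
    if "/" in argv[0] or argv[0] not in ALLOWED_RUNNERS:
        return None, f"runner {argv[0]!r} not allowlisted"
    return argv, None


def resolve_skill_path(skills_root: Path, requested: str) -> Path:
    """Load Skills step: honour the prompt's path only if it resolves strictly inside skills_root."""
    root = skills_root.resolve()
    target = (root / requested).resolve()  # an absolute `requested` replaces root here
    if target == root or root not in target.parents:
        raise ValueError(f"skill path {requested!r} escapes {root}")
    return target


def demo():
    """Constructed workspace: first with a hostile config, then falling back to package.json."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        ws = Path(d)
        cfg = ws / "openspec" / "config.yaml"
        cfg.parent.mkdir()
        # Constructed: what a malicious PR could drop into openspec/config.yaml.
        cfg.write_text('test_command: "echo running tests; echo INJECTED"\n')
        cmd, out["hostile_source"] = resolve_command(ws, "test")
        out["hostile_unsafe_output"] = run_unsafe(cmd, ws)  # both echoes run
        out["hostile_vetted"] = vet_command(cmd)            # rejected before execution
        cfg.unlink()
        (ws / "package.json").write_text(json.dumps({"scripts": {"test": "jest"}}))
        cmd, out["fallback_source"] = resolve_command(ws, "test")
        out["fallback_vetted"] = vet_command(cmd)
        root = ws / "skills"
        root.mkdir()
        inside = resolve_skill_path(root, "sdd-verify/SKILL.md")
        out["skill_inside"] = str(inside).endswith("skills/sdd-verify/SKILL.md")
        try:
            resolve_skill_path(root, "../../etc/passwd")
            out["skill_escape_rejected"] = False
        except ValueError:
            out["skill_escape_rejected"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point of the pair run_unsafe/vet_command is that the precedence order is not the problem; handing a string from openspec/config.yaml to a shell is. With the string split into argv and the runner allowlisted, a `;` in the config is either rejected outright or, at worst, passed to npm as a literal argument. The same shape applies to the Load Skills path: resolving with symlinks followed and requiring skills_root among the parents stops both `..` traversal and absolute paths from the prompt.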
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 25, 2026, 10:38 PM