sdd-slim-plan-learning
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes external codebases and online repository links to generate learning plans. This represents an indirect prompt injection surface where malicious instructions hidden in the target code could attempt to influence the agent.
- Ingestion points: The skill ingests untrusted data from reference projects and online links as specified in specify.md.
- Boundary markers: The skill employs subagent isolation. The prompts/module-subagent-task-prompt.md enforces a structured output format and explicitly forbids the subagent from returning raw search output, which provides a layer of protection against direct injection of malicious instructions into the main context.
- Capability inventory: The skill is limited to reading files (via subagent) and writing documentation within the .sdd-slim/ directory. It does not perform unauthorized network operations or execute arbitrary system commands.
- Sanitization: The architecture uses role separation (main agent vs. research subagent) and strict template-based output to mitigate the risks associated with processing untrusted external content.
Audit Metadata