sdlc-develop
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a comprehensive Human-in-the-Loop (HITL) system as defined in GATES.md, ensuring that critical architecture decisions and final implementation approvals require explicit user consent via the AskUserQuestion tool.
- [SAFE]: It utilizes evidence-based quality gates (EVIDENCE-GATES.md) that prevent the agent from making completion claims based on cached or assumed state; fresh command output from tools like git, grep, and project-specific test runners is required for every transition.
- [SAFE]: Shell command execution is limited to standard development tasks, such as creating spec directories, running local test suites, and performing codebase analysis using reputable tools (e.g., git, grep, find).
- [SAFE]: The skill follows secure configuration practices by reading project-specific preferences from a local .arkhe.yaml file and using a deterministic Python script (scripts/next_spec_number.py) to manage spec directory numbering.
- [SAFE]: Integration with external functionality is performed through calls to other authorized agent skills (e.g., deep-research, playwright:playwright-cli) rather than downloading and executing unverified remote scripts.