easysdd-guidedoc
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script,
easysdd/tools/search-yaml.py, to query and filter metadata from existing documentation in the project'sdocs/directory. This operation is limited to searching local files for metadata-driven organization. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests and processes project source code and design specifications to generate documentation.
- Ingestion points: Project source code and internal design specifications (spec files).
- Boundary markers: No specific delimiters are defined in the instructions to isolate processed data from the agent's instructions.
- Capability inventory: The skill has the capability to write and modify files within the project's
docs/directory. - Sanitization: The workflow includes a mandatory user review checkpoint (Step 4) where the agent must present the drafted documentation to the user for confirmation and accuracy verification before any file-write operations (Step 5) occur.
- [DATA_EXFILTRATION]: While the skill reads local source code and project data to fulfill its purpose, no network operations or external data transmission patterns were identified. Access is restricted to the local file system for documentation management.
Audit Metadata