easysdd-tricks
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill manages a local knowledge base by writing markdown files to a project-specific directory, which is a standard and benign use case.
- [COMMAND_EXECUTION]: The skill integrates with a local utility script, easysdd/tools/search-yaml.py, to query project metadata. This script belongs to the vendor's own toolset and is used for internal searching.
- [PROMPT_INJECTION]: The workflow involves reading local source code in Phase 2 to summarize technical patterns, which creates a surface for indirect prompt injection if the project code contains adversarial instructions.
  - Ingestion points: Local repository files searched and read in Phase 2.
  - Boundary markers: None specified to distinguish code data from instructions.
  - Capability inventory: Local script execution and file writing to the easysdd/compound/ directory.
  - Sanitization: No explicit content sanitization or validation is mentioned in the workflow.
Audit Metadata