sdd-implementation

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to systematically read and execute instructions from todo-list.md and plan.md files. This creates a surface for indirect prompt injection if these files are provided by untrusted sources or contain malicious instructions embedded in the project specs.
  • Ingestion points: specs/active/[task-id]/plan.md, spec.md, tasks.md, and todo-list.md.
  • Boundary markers: Absent. The agent is instructed to 'Read entire list before starting' and 'Execute in order' without delimiters to separate instructions from data.
  • Capability inventory: The agent is authorized to generate code, modify the filesystem, and execute the local scripts/progress.sh utility.
  • Sanitization: None. There is no validation or filtering of the content within the task files before the agent attempts to implement the described features.
  • [Command Execution] (SAFE): The skill includes a local utility scripts/progress.sh. Analysis of the script shows it is safe; it uses find and grep with proper quoting to parse local file statuses and does not execute untrusted input or perform network operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 06:39 PM