sdd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes shell commands to manage the development environment, specifically mkdir -p for creating specification directories and git worktree for creating isolated prototyping environments. It also instructs the agent to run verification commands like tsc, lint, and test. These are standard tools in a software development workflow and are triggered in a controlled, multi-phase process.
- PROMPT_INJECTION (LOW): The skill is potentially vulnerable to indirect prompt injection because it ingests untrusted user input (feature descriptions) to drive the specification and implementation phases. However, the risk is inherent to the skill's primary purpose as a development assistant.
  - Ingestion points: User descriptions of features or tasks used to initialize the SDD workflow in Phase 1.
  - Boundary markers: Absent; the skill does not define specific delimiters for user input, relying on the agent's internal logic to parse the description.
  - Capability inventory: Directory creation (mkdir), git management (git worktree), and execution of local development tools (tsc, lint, test).
  - Sanitization: None; the agent is expected to interpret user intent directly to create documentation and plans.
Audit Metadata