ol-sdd-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a migration utility that performs repository refactoring using commands like
git mvandrmdir. These operations are limited to specific legacy directories and are subject to an explicit user approval gate after a preview plan is generated. - [DATA_EXFILTRATION]: The orchestrator publishes project metadata, specifications, and implementation logs to Atlassian services (JIRA and Confluence). This is the core functionality of the skill and targets well-known professional services.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it reads project state from repository files and external JIRA/Confluence content to determine the next workflow step and delegate tasks to specialized skills.
- Ingestion points: Local files within the
documentation/directory, JIRA issue fields and comments, and Confluence pages. - Boundary markers: The skill implements an 'Approval Gate Pattern' requiring explicit user confirmation before advancing between phases or executing migration plans.
- Capability inventory: Invokes specialized agent skills, performs git renames, and executes read/write operations against JIRA and Confluence APIs via the Atlassian MCP.
- Sanitization: No explicit sanitization or escaping of external content (e.g., from JIRA comments) is detailed prior to its use in workflow decision-making.
Audit Metadata