using-sdlc-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to process data from external local configuration files.
- Ingestion points: The agent is directed to check `CLAUDE.md` for CMMI maturity level configuration.
- Boundary markers: The instructions lack specific delimiters or safety guidelines to differentiate configuration data from executable instructions.
- Capability inventory: The skill is designed to load and delegate tasks to other specialist skills within the axiom-sdlc-engineering skillpack.
- Sanitization: No validation or sanitization protocols are defined for the data ingested from the configuration file.
- [NO_CODE]: The skill consists entirely of markdown documentation and routing logic and does not include any accompanying Python scripts, Node.js packages, or shell commands.
Audit Metadata