sdd
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by instructing the agent to use untrusted user input (task descriptions and IDs) to perform file system operations and generate documentation.
  - Ingestion points: User task requests and task descriptions used for folder naming in `SKILL.md`.
  - Boundary markers: Absent; the workflow does not define delimiters or instructions to ignore embedded commands in user-provided data.
  - Capability inventory: The skill uses `mkdir -p` for directory creation and `npm test` for verification, as seen in `SKILL.md` and `references/tasks.md`.
  - Sanitization: Absent; the instructions do not specify validation or escaping of user input before it is used in shell commands.
- [COMMAND_EXECUTION]: The skill directs the agent to execute standard development commands, specifically `mkdir -p` to scaffold documentation structures and `npm test` to verify implementation. These actions are aligned with the skill's primary purpose but rely on input derived from user requests.
- [NO_CODE]: The skill consists entirely of markdown documentation and contains no executable scripts or binaries.
Audit Metadata