lld-writer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No direct prompt injection or safety bypass instructions were found. The skill does process external data (design documents), which presents an indirect injection surface; however, this is inherent to its primary purpose.
- Ingestion points: Reads local files including PRD, HLD, Contract, Guardrails, and ADR.
- Boundary markers: Not specified in the current instructions.
- Capability inventory: Limited to text generation and progress tracking via local tools.
- Sanitization: Not explicitly mentioned.
- [DATA_EXFILTRATION]: The skill accesses local design files for context as intended. There are no network operations, external URLs, or hardcoded credentials detected that would facilitate exfiltration.
- [COMMAND_EXECUTION]: The skill uses local tracking (TodoWrite) and file discovery (Glob) mechanisms. It does not attempt to execute arbitrary shell commands, script downloads, or privilege escalation.
Audit Metadata