sdd-plan-review

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute sdd toolkit CLI commands, such as sdd review and sdd list-review-tools. The documentation gives the agent specific instructions on how to manage long-running operations safely, recommending foreground execution with a 5-minute timeout (timeout=300000) and discouraging excessive polling of background processes (SKILL.md).
  • [PROMPT_INJECTION]: The skill processes potentially untrusted specification files as input for multi-model consultation, creating a surface for indirect prompt injection.
      ◦ Ingestion points: Specification files in Markdown or JSON format are ingested from the specs/ directory and passed to AI models (gemini, codex, cursor-agent) via the sdd review command (SKILL.md).
      ◦ Boundary markers: Absent; the instructions do not mandate delimiters or explicit boundary instructions to prevent the models from following commands embedded within the specifications.
      ◦ Capability inventory: The skill uses the Bash tool to execute CLI commands and writes report files to the local file system (SKILL.md).
      ◦ Sanitization: No sanitization or content validation of the input specifications is mentioned before they are processed by the external AI models.
Audit Metadata

Risk Level: SAFE
Analyzed: May 7, 2026, 10:15 AM