sdd-pr
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bash()tool to interact with thegh(GitHub CLI) andsdd(Spec-Driven Development toolkit) utilities. These operations are essential for its function and follow prescribed safety timeouts. - [DATA_EXFILTRATION]: The skill reads local repository data, including git diffs, commit messages, and journal entries. This information is processed to generate pull request descriptions which are then transmitted to the git host. This activity is transparently described as the core purpose of the skill.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it analyzes data from external sources (git history and journal entries) that could contain malicious instructions. This risk is effectively mitigated by the skill's design, which requires the agent to display the draft PR to the user and obtain explicit approval before proceeding with the
create-prcommand.
Audit Metadata