doc-brd-validator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local command execution by invoking Python scripts (validate_brd.py, validate_cross_document.py) and shell commands like grep to validate document schemas and integrity. These executions are confined to the local filesystem and utilize paths within the vendor's repository structure (ai_dev_ssd_flow/).
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface (Category 8). * Ingestion points: The skill parses Markdown files and YAML metadata from the docs/01_BRD/ directory for validation. * Boundary markers: No explicit delimiters or instructions to ignore embedded instructions within the processed documents are defined. * Capability inventory: The skill executes local Python and shell subprocesses as part of its core validation logic. * Sanitization: No sanitization or content filtering is applied to the document content prior to the validation process.
Audit Metadata