sdd-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses strong imperative language (e.g., "not negotiable", "not optional", "cannot rationalize your way out") to enforce a specific development process. Although these resemble instruction override patterns, the skill explicitly maintains user control by stating that user instructions have the highest priority and can bypass the workflow.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it reads and executes instructions contained within project specification files.
  - Ingestion points: OpenSpec artifacts in the openspec/ directory (e.g., proposal.md, design.md, tasks.md).
  - Boundary markers: None identified; the agent is instructed to treat these files as the "authoritative spec baseline."
  - Capability inventory: The agent can execute CLI commands (/opsx:*), modify the codebase, and write to the file system.
  - Sanitization: No sanitization or validation of the content within the specification files is performed before the agent acts on them.