Skills
skills/ahgraber/skills/sdd/Gen Agent Trust Hub

sdd

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a find command fallback (find . -type d -name ".specs" -maxdepth 4) to locate configuration directories within the project structure.
  • [COMMAND_EXECUTION]: The documentation for the SDD framework identifies a configuration file (schema-config.yaml) that allows for the execution of user-defined shell commands for tasks like database schema extraction or API documentation generation.
  • [EXTERNAL_DOWNLOADS]: The skill references and attributes source material to the Fission-AI/OpenSpec repository on GitHub, which is a well-known service for software development.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process development artifacts (such as tasks.md and proposal.md) that could contain embedded instructions. Ingestion points: Local files within the .specs/ directory; Boundary markers: None specified; Capability inventory: File system discovery and execution of configured extraction commands; Sanitization: No specific content validation logic described.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 12:44 PM