gadd-design
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were found. The skill follows best practices for human-in-the-loop operations.
- [INDIRECT_PROMPT_INJECTION]: The skill processes PRDs and triage outcomes to generate design documents. While it lacks explicit sanitization or boundary markers for this external data, the risk is mitigated by the skill's limited capabilities (documentation writing only) and the requirement for explicit human approval (/gadd:approve) for all outputs. Evidence Chain: 1. Ingestion points: Work Item ledger (PRD, triage), repo code, and ADRs; 2. Boundary markers: None; 3. Capability inventory: File-write (sdd.md, ADRs), ledger updates; 4. Sanitization: None.
Audit Metadata