sdd-archive
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves and processes external artifacts (proposals, specs, designs) via the mem_get_observation tool. It lacks explicit boundary markers or instructions to treat this content as data only, creating a surface for indirect prompt injection. Malicious instructions embedded within these artifacts could potentially influence the agent's behavior during the merge or archival process.
  * Ingestion points: mem_get_observation calls in SKILL.md used to retrieve artifacts for merging.
  * Boundary markers: Absent; no delimiters are used to wrap the retrieved content.
  * Capability inventory: The skill has file system write access to the openspec/ directory and memory write access via mem_save.
  * Sanitization: Absent; the skill does not specify any validation or filtering of the retrieved content before it is merged into the main specifications.
Audit Metadata