sdd-design
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests and processes technical artifacts that may be controlled by external parties.
- Ingestion points: Technical proposals and specifications are retrieved via the mem_get_observation tool from an internal store or read directly from the filesystem (e.g., proposal.md).
- Boundary markers: The instructions do not provide explicit boundary markers or directives for the agent to treat the content of these external artifacts as untrusted data.
- Capability inventory: The skill possesses capabilities to write to the local filesystem (creating design.md in the openspec/ directory) and to persist artifacts in the project's artifact store via the mem_save tool.
- Sanitization: No sanitization or validation logic is defined to inspect the ingested specification content before it is incorporated into the design process.
Audit Metadata