sdd-init
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core logic of reading and consolidating data from potentially untrusted project files into its configuration and memory backends.
  - Ingestion points: The skill reads various technology stack configuration files (e.g., `package.json`, `go.mod`, `pyproject.toml`), user-level agent skill definitions (e.g., `~/.claude/skills/*/SKILL.md`), and project-specific instruction files (e.g., `CLAUDE.md`, `.cursorrules`, `agents.md`).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when the detected content is interpolated into the `config.yaml` or registry markdown.
  - Capability inventory: The skill possesses file system write capabilities (creating `openspec/` and `.atl/` structures) and utilizes the platform-native `mem_save` tool for state persistence.
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the content ingested from external project files before it is saved to the persistence layer.
Audit Metadata