sdd-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes documents such as proposals, specifications, and designs to create a task list, which presents a surface for indirect prompt injection. Malicious instructions embedded within these source documents could potentially influence the agent's task generation logic.
  - Ingestion points: The skill retrieves the full content of proposal, spec, and design artifacts using the `mem_get_observation` tool (SKILL.md).
  - Boundary markers: There are no explicit markers or instructions directing the agent to ignore embedded commands or treat the retrieved content as untrusted data.
  - Capability inventory: The skill is capable of writing markdown files to the local filesystem (in the `openspec/` directory) and persisting task data to the memory system via `mem_save` (SKILL.md).
  - Sanitization: No sanitization, validation, or structural filtering of the source artifact content is performed prior to processing.