sdd-init

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE · PROMPT_INJECTION · DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill populates a knowledge-graph.json file with metadata derived from the local filesystem, creating an indirect prompt injection surface for other skills that consume this data.
      • Ingestion points: File and directory names detected via ls and find commands in SKILL.md.
      • Boundary markers: Absent; filesystem metadata is interpolated directly into JSON placeholders.
      • Capability inventory: The skill uses Bash for discovery and Write/Edit for creating project artifacts.
      • Sanitization: Absent; there is no validation or escaping of the detected strings before they are persisted to the JSON knowledge graph.
  • [DATA_EXFILTRATION]: The skill explicitly searches for the presence of sensitive environment files (e.g., .env) during project initialization. While it only identifies the existence of these files to establish project conventions and does not read their content or perform network operations, this behavior maps the locations of sensitive credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 04:23 PM
Security Audit — agent-trust-hub — sdd-init