sdd-slim-auto
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates the execution of unit tests and end-to-end tests (using Playwright) as part of its verification harness.
- [DYNAMIC_EXECUTION]: The skill dynamically generates or updates test files based on design documents and utilizes subagents to perform automated code repairs, followed by immediate execution for verification.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data such as PRDs, bug reports, and requirement documents to drive code generation and repair actions.
  - Ingestion points: Untrusted requirements and bug descriptions are ingested as the primary input for the automation loop.
  - Boundary markers: The provided files do not specify delimiters or instructions to prevent the agent from obeying instructions embedded within the requirement documents.
  - Capability inventory: The skill has the capability to read/write files, execute shell commands (tests), and control a browser via Playwright.
  - Sanitization: No sanitization or validation logic for the input documents is described in the orchestration files.
- [AUTONOMY]: The instructions contain logic to bypass standard human-in-the-loop checkpoints. It explicitly forbids the use of askquestion during the implementation and review phases, forcing the agent to make autonomous decisions and proceed without user confirmation once the 'auto' workflow is initiated.
Audit Metadata