sdd-slim-plan
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it fetches and processes content from external URLs and user-provided text.
- Ingestion points: Requirements are fetched from external URLs (specifically targeting domains like wiki.17u.cn and toca.17u.cn) and from user input, as described in requirement-archive-prompt.md.
- Boundary markers: The prompt templates organize content into structured sections but do not include explicit instructions for the agent to disregard potential commands embedded within the retrieved external text.
- Capability inventory: The agent can write markdown files to the local .sdd-slim/ directory and task subagents with codebase exploration based on the ingested requirements.
- Sanitization: No explicit sanitization logic or content filtering for the retrieved requirement data is defined in the instructions.
- Mitigation: The potential risk is effectively mitigated by the skill's mandatory human-in-the-loop protocol. Every requirement point (P*) and proposed execution approach (HOW) must be explicitly confirmed by the user via the askquestion tool before any implementation tasks are generated.
Audit Metadata