sdd-riper-one
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security posture by explicitly forbidding high-risk operations such as
git clean -fdxto prevent accidental data loss, as documented in the Global Safeguards ofSKILL.md.- [SAFE]: The skill includes explicit instructions for the agent to avoid leaking sensitive information, specifically stating inSKILL.mdandreferences/skill-injection-check.mdthat local memory, traces, database files (SQLite/Milvus), and API keys must not be submitted.- [COMMAND_EXECUTION]: The skill utilizes two Python scripts,scripts/archive_builder.pyandscripts/default_prompt_check.py, for legitimate maintenance tasks. These scripts use standard Python libraries to read and write local markdown files and project configuration documents (e.g.,AGENTS.md,CLAUDE.md). Whiledefault_prompt_check.pycan modify project instructions, the skill documentation emphasizes that this must only occur after explicit user approval.- [PROMPT_INJECTION]: The skill's architecture naturally mitigates indirect prompt injection risks by enforcing a human-in-the-loop workflow. While the agent processes untrusted external data such as requirement documents (build_context_bundle) or log files (debug), the mandatory 'Plan Approved' gate and 'Review' phase ensure that any potentially malicious instructions embedded in that data are reviewed by a human before code execution.
Audit Metadata