sdd-riper-one

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust security posture by explicitly forbidding high-risk operations such as git clean -fdx to prevent accidental data loss, as documented in the Global Safeguards of SKILL.md.- [SAFE]: The skill includes explicit instructions for the agent to avoid leaking sensitive information, specifically stating in SKILL.md and references/skill-injection-check.md that local memory, traces, database files (SQLite/Milvus), and API keys must not be submitted.- [COMMAND_EXECUTION]: The skill utilizes two Python scripts, scripts/archive_builder.py and scripts/default_prompt_check.py, for legitimate maintenance tasks. These scripts use standard Python libraries to read and write local markdown files and project configuration documents (e.g., AGENTS.md, CLAUDE.md). While default_prompt_check.py can modify project instructions, the skill documentation emphasizes that this must only occur after explicit user approval.- [PROMPT_INJECTION]: The skill's architecture naturally mitigates indirect prompt injection risks by enforcing a human-in-the-loop workflow. While the agent processes untrusted external data such as requirement documents (build_context_bundle) or log files (debug), the mandatory 'Plan Approved' gate and 'Review' phase ensure that any potentially malicious instructions embedded in that data are reviewed by a human before code execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:08 AM
Security Audit — agent-trust-hub — sdd-riper-one