sodax-build

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is an ideation and documentation tool that conducts an interview to produce markdown files. It explicitly stops before writing application code or performing project scaffolding, ensuring a clear boundary between planning and execution.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch qualitative and quantitative facts from the official 'icon-project/sodax-sdks' repository on GitHub. This operation is limited to data retrieval for documentation purposes and originates from the verified author's infrastructure.
  • [DATA_EXFILTRATION]: The skill defines a restricted output scope by writing product briefs to a dedicated local directory (./product-briefs/). It does not attempt to access sensitive system files, environment variables, or private credentials.
  • [PROMPT_INJECTION]: The skill operates on user-provided data to generate its outputs, which constitutes an indirect prompt injection surface.
  • Ingestion points: User chat input describing goals, features, and target chains (SKILL.md, Stage 1-3).
  • Boundary markers: The skill uses a predefined markdown template (brief-template.md) to structure user inputs, providing contextual separation.
  • Capability inventory: The skill has no capabilities for subprocess execution, dynamic code evaluation, or network POST requests.
  • Sanitization: No explicit sanitization is described, but the risk is mitigated by the skill's lack of executable actions or privileged access.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 05:05 AM
Security Audit — agent-trust-hub — sodax-build