sdd-implement-spec

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates development workflows by executing Git commands (status, fetch, checkout, commit, push, diff, log) and GitHub CLI commands (auth status, issue list, pr create).
  • [COMMAND_EXECUTION]: The skill identifies and executes arbitrary shell commands for testing and linting extracted from local plan.md and validation.md specification files.
  • [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface (Category 8) because it processes and executes instructions and commands from external specification files without sanitization.
  • [PROMPT_INJECTION]: Ingestion points: Reads from specs/<dir>/plan.md and specs/<dir>/validation.md.
  • [PROMPT_INJECTION]: Boundary markers: None identified.
  • [PROMPT_INJECTION]: Capability inventory: Shell command execution, file system read/write, and network access via Git/GitHub.
  • [PROMPT_INJECTION]: Sanitization: No sanitization or validation of the extracted commands is performed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 10:33 AM