cdd-audit-and-implement
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: The skill uses a human-in-the-loop design requiring explicit user approval before applying plans (Step 10) or implementing code (Step 12), ensuring the user retains control over all file modifications.
- [SAFE]: The YAML frontmatter includes
disable-model-invocation: true, which is a security hardening measure that restricts the agent's autonomous tool usage. - [NO_CODE]: No executable scripts or binary files are shipped with this skill; it consists entirely of instructional markdown and configuration files.
- [PROMPT_INJECTION]: The skill processes external audit findings, which presents a surface for indirect prompt injection.
- Ingestion points: Audit items provided via user input or file path in
SKILL.md(Flow A, Step 2). - Boundary markers: Absent; findings are used directly to shape the implementation plan without explicit isolation instructions.
- Capability inventory: File system modification and code implementation in
SKILL.md(Steps 11 and 14). - Sanitization: Absent; the skill relies on the interactive planning phase for validation.
- Assessment: This is a low-risk observation as the workflow mandates two separate human approvals before any changes are finalized or executed.
Audit Metadata