The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains multiple directive instructions (e.g., 'CRITICAL: Avoid BashOutput Spam', 'NEVER use Read() tool on .json spec files'). These are assessed as operational constraints designed to optimize performance and context window usage rather than attempts to bypass agent safety guidelines.
[COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool to execute specific commands using a CLI utility (sdd). The commands are well-defined and related to the skill's stated purpose of querying task data and performing fidelity reviews.
[INDIRECT_PROMPT_INJECTION]: The skill's primary workflow involves the ingestion and analysis of external data (implementation files and specifications) which are then processed by AI models (Gemini, Codex, etc.) via the sdd CLI tool. This creates an inherent surface for indirect prompt injection where malicious instructions embedded in the code or specs could influence the review output.
Ingestion points: Implementation files and specification JSON files processed by the sdd CLI.
Boundary markers: Not explicitly defined in the skill instructions; reliance is placed on the CLI tool and underlying AI guardrails.
Capability inventory: Uses the Bash tool to execute sdd CLI commands which perform file analysis and network-based AI consultation.
Sanitization: No specific sanitization or filtering of external content is described in the skill instructions.

sdd-fidelity-review