sdd-modify
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an automated workflow that processes external markdown review reports to generate structured modifications. This creates a surface for indirect prompt injection where adversarial content in a review report could influence the agent's behavior.
  - Ingestion points: sdd parse-review reads external markdown files (e.g., reports/review.md).
  - Boundary markers: No explicit delimiters are used to wrap the review content during parsing to distinguish data from instructions.
  - Capability inventory: Subprocess execution through sdd verify and file modification via sdd apply-modifications.
  - Sanitization: The workflow incorporates a --dry-run preview and post-application schema validation, though these rely on user/agent review to catch logical injection.
- [COMMAND_EXECUTION]: The modification schema explicitly supports a command field for verification steps. While intended for running tests (e.g., pytest), this capability allows for the definition and subsequent execution of arbitrary shell commands in the local environment if a modification file is malicious.
Audit Metadata