gsd-phase-researcher

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.
      • Ingestion points: Phase descriptions and requirements provided by an orchestrator (SKILL.md, Step 1), and domain research data fetched via WebFetch or Context7 MCP (SKILL.md, Step 5).
      • Boundary markers: The skill uses XML-style tags like <context> and <objective> to delimit inputs, which provides some structural separation.
      • Capability inventory: The skill has access to the Bash tool (local file reading), Write tool (writing to .planning/ directory), and WebFetch (network operations).
      • Sanitization: There is no evidence of explicit sanitization or instructions to ignore commands embedded within the researched content.
  • [COMMAND_EXECUTION]: The skill uses a Bash tool to perform local searches within the project repository.
      • Evidence: Step 4 in SKILL.md demonstrates the use of grep and find to locate authentication patterns and existing implementations in the src/ and .planning/ directories. These operations are read-only and consistent with the skill's primary research purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 12:49 PM