gsd-planner
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes content from external documentation and local project files.
- Ingestion points: The skill reads project roadmap, project state, and project history files (e.g., ROADMAP.md, STATE.md) to derive plan tasks. It also uses WebFetch to research external library documentation.
- Boundary markers: The skill uses XML-like structure tags for organizing its output, but it lacks clear security boundaries or instructions to ignore instructions embedded within the data it processes.
- Capability inventory: The skill has access to Bash execution and file write capabilities.
- Sanitization: There is no evidence of content sanitization or validation for the data ingested during planning or discovery phases.
- [COMMAND_EXECUTION]: The skill includes the Bash tool for system interaction.
- Evidence: Tools list includes Bash, Grep, and Glob, which are intended for codebase analysis and verifying task completion within the planning workflow.
- [EXTERNAL_DOWNLOADS]: The skill utilizes network-enabled tools to fetch remote content.
- Evidence: The skill uses WebFetch to retrieve documentation and API details during its discovery process to verify library versions and syntax.
Audit Metadata