gsd-orchestration
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it stores user-provided requirements and discussion outcomes in local files (PROJECT.md, CONTEXT.md) which are then used to generate executable task plans. This 'data-as-instructions' pattern is a known vector for indirect injection.
  - Ingestion points: .gsd/PROJECT.md, .gsd/phases//CONTEXT.md, and .gsd/phases//PLAN-*.md.
  - Boundary markers: Uses XML tags (, , ) to delimit instructions within plan files.
  - Capability inventory: Subagent spawning (Task tool), skill loading (Skill tool), and file operations (Read, Write, Edit).
  - Sanitization: The skill relies on 'fresh context' protocols to reset the agent's state between tasks, limiting the persistence of malicious instructions.
- [COMMAND_EXECUTION]: The skill uses Python scripts ('check_state.py', 'validate_plan.py') to perform project maintenance and git-based versioning. These scripts execute shell commands through subprocesses to interact with the local repository, although actions are restricted to standard development utilities.
Audit Metadata