gsdl-document-decisions

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, potentially untrusted sources like git commit history and project documentation files.
      • Ingestion points: The skill reads the PRD file, the task list file, and the output of git log (commit messages).
      • Boundary markers: There are no explicit boundary markers or instructions provided to the model to disregard instructions embedded within the ingested text.
      • Capability inventory: The skill can write files to the local disk and perform network requests (POST) to Slite and Notion APIs.
      • Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is used to synthesize decisions.
  • [COMMAND_EXECUTION]: The skill executes local shell commands to interact with git.
      • Evidence: It runs git log --oneline --no-merges, git show --stat [COMMIT_HASH], and git diff HEAD~[N] HEAD --name-status. These commands are used as intended for project analysis.
  • [SAFE]: The network operations target well-known services (Slite and Notion) for the legitimate purpose of publishing documentation. Credentials are handled via environment variables ($SLITE_API_KEY, $NOTION_TOKEN), which is a standard security practice.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 11:31 PM