gsd-add-todo
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection. Ingestion points include user-provided arguments and the surrounding conversation context. The skill lacks explicit boundary markers to delimit untrusted data. Capabilities include file reading, writing, and bash command execution. No sanitization or validation logic is defined for the extracted content.
- [COMMAND_EXECUTION]: The skill requests and utilizes the Bash tool to perform directory operations and git commits. This represents a powerful capability that is gated by the interpretation of potentially untrusted conversation data.
Audit Metadata