gsd-audit-milestone
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted documentation files to drive audit decisions.
  - Ingestion points: Data is read from project-specific files matching the patterns .planning/phases//-SUMMARY.md and .planning/phases//-VERIFICATION.md.
  - Boundary markers: The skill definition lacks explicit boundary delimiters or instructions to ignore embedded prompts within the ingested markdown files.
  - Capability inventory: The agent is granted access to high-privilege tools including Bash, Task, and Write, which could be exploited if malicious instructions are present in the ingested data.
  - Sanitization: There is no evidence of content validation or sanitization for the data read from the local file system before it is passed to the audit workflow.
- [COMMAND_EXECUTION]: The skill explicitly allows the use of Bash and Task tools, which provide powerful command-line execution capabilities within the project environment.
- [NO_CODE]: The skill does not bundle any executable scripts or binary files, relying instead on a markdown-defined workflow.
Audit Metadata