Skills
skills/shoootyou/get-shit-done-multi/gsd-execute-phase/Gen Agent Trust Hub

gsd-execute-phase

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to discover and execute 'plans' found in the workspace, which are treated as trusted instructions.
  • Ingestion points: Discovers and analyzes plans within a phase to group them into execution waves (SKILL.md).
  • Boundary markers: No explicit delimiters or 'ignore embedded instructions' markers are used when processing plan data.
  • Capability inventory: The skill utilizes powerful tools including Bash, Task, Write, and Edit, which allow for significant system changes (SKILL.md).
  • Sanitization: There is no evidence of validation or sanitization of the content within the discovered plans before they are passed to subagents for execution.
  • [COMMAND_EXECUTION]: The skill explicitly allows the use of Bash and Task tools. While intended for legitimate workflow execution, these tools can be exploited to run arbitrary commands if a malicious plan is injected into the workspace.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 07:07 PM