gsd-insert-phase
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill accepts user-provided text in the description argument which is then processed by internal workflows. This creates a potential surface for indirect prompt injection.
- Ingestion points: User input enters via the $ARGUMENTS variable in the SKILL.md file.
- Boundary markers: The skill does not implement explicit delimiters or boundary markers to isolate user input from workflow instructions.
- Capability inventory: The skill is granted Bash, Read, and Write permissions as defined in the allowed-tools metadata, which increases the potential impact of an injection attack.
- Sanitization: No input validation or sanitization logic for the phase description is defined in the skill configuration.
Audit Metadata