gsd-list-phase-assumptions
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted project files (roadmap and project state), which creates a surface for indirect prompt injection where malicious content in those files could influence agent behavior.
  - Ingestion points: Project state and roadmap files are loaded during the workflow execution as specified in the context section of SKILL.md.
  - Boundary markers: The skill does not specify any delimiters or instructions to treat the ingested file content as data only or to ignore embedded instructions.
  - Capability inventory: The skill has access to Bash, Read, Grep, and Glob tools, which could be exploited if an injection occurs.
  - Sanitization: No sanitization or validation of the content of the roadmap files is described in the workflow.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to facilitate its analysis of project files. This is consistent with its stated purpose of technical analysis, though it represents a powerful capability in the context of processing untrusted file data.