gsd-pause-work
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands, such as Git commits, and follows a workflow from a computed path.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Recent files are read to detect phase and gather state (SKILL.md).
  - Boundary markers: No delimiters or safety instructions are present to prevent the agent from obeying instructions embedded in those files.
  - Capability inventory: The skill possesses Read, Write, and Bash capabilities (SKILL.md).
  - Sanitization: No sanitization or content validation is performed on the data read from files.
- [EXTERNAL_DOWNLOADS]: The core logic of the skill is defined in an external workflow file located at a dynamic platform path. The safety of the operation depends on the integrity of the PLATFORM_ROOT environment.