gsd-plan-milestone-gaps
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection through the ingestion of untrusted data.
  - Ingestion points: The skill reads audit data from file paths matching .planning/v*-MILESTONE-AUDIT.md via Glob and Read tools.
  - Capability inventory: The skill is authorized to use Bash and Write tools (configured in allowed-tools), which could be exploited to perform unauthorized operations if malicious instructions are embedded in the audit files.
  - Boundary markers: The skill definition does not specify any delimiters or instructions to the model to ignore embedded prompts within the audit data files.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content read from the milestone audit files before it is processed by the agent workflow.
Audit Metadata