gsd-reapply-patches
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to verify the presence of the backup directory.
  - Evidence: A shell script block in Step 1 of SKILL.md checks the existence of the gsd-local-patches directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to read and interpret the contents of local patch files that could contain malicious instructions.
  - Ingestion points: The agent reads the backup-meta.json manifest and the contents of files within the gsd-local-patches directory.
  - Boundary markers: Absent. The skill lacks instructions to treat file content strictly as data or to ignore any natural language instructions embedded within the patches.
  - Capability inventory: The agent has access to Write, Edit, and Bash tools, which could be misused if an injection attack successfully manipulates the agent's instructions.
  - Sanitization: Absent. There is no logic to validate or escape the content of the files before they are processed and merged.