gsd-research-phase

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directly interpolates user-provided input from the $ARGUMENTS variable into shell commands within the Step 0 initialization block: node {{PLATFORM_ROOT}}/get-shit-done/bin/gsd-tools.cjs init phase-op "$ARGUMENTS". This pattern is susceptible to command injection if the input contains shell metacharacters like semicolons or backticks, allowing arbitrary execution beyond the intended script.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests data from external project files and passes them to a sub-agent for processing.
    • Ingestion points: requirements_path, context_path, and state_path (SKILL.md).
    • Boundary markers: absent; the content is passed to the sub-agent via the Task prompt without delimiters or instructions to ignore embedded commands.
    • Capability inventory: Bash, Read, and Task tools.
    • Sanitization: no sanitization or validation of the file contents is performed before they are processed by the LLM.
  • [DATA_EXFILTRATION]: The skill accesses and reads local file paths, including project requirements, state, and planning documents. While this is part of its core functionality, it represents a data exposure risk as sensitive project information is processed by the agent and its sub-agents.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 07:07 PM