gsd-add-backlog

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-provided text from the {{GSD_ARGS}} placeholder directly into shell commands. Because the value is enclosed in double quotes rather than single quotes, the shell still performs command substitution on backticks and $(), so arbitrary commands embedded in the argument text are executed. Evidence: SLUG=$(node "/mnt/local-analysis/workspace-hub/.codex/get-shit-done/bin/gsd-tools.cjs" generate-slug "{{GSD_ARGS}}"). Evidence: node "/mnt/local-analysis/workspace-hub/.codex/get-shit-done/bin/gsd-tools.cjs" commit "docs: add backlog item ${NEXT} — ${ARGUMENTS}".
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting project roadmap data and user arguments without sanitization or boundary markers.
    1. Ingestion points: The .planning/ROADMAP.md file is read via cat, and user input is captured via {{GSD_ARGS}}.
    2. Boundary markers: Absent; no delimiters isolate untrusted content from the execution logic.
    3. Capability inventory: The agent can execute Node.js scripts (which can perform file and git operations), create directories (mkdir), and create files (touch).
    4. Sanitization: Absent; the skill does not validate or escape the content of the roadmap or user input before using it in logic or commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 1, 2026, 01:04 PM