gsd-add-phase
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted user input from {{GSD_ARGS}} to perform privileged file system actions.\n
- Ingestion points: User-supplied phase descriptions enter the context via the {{GSD_ARGS}} variable in SKILL.md.\n
- Boundary markers: The skill lacks explicit delimiters or instructions for the agent to ignore potential instructions embedded within the user-provided phase description.\n
- Capability inventory: The skill has the capability to create new directories, modify existing files (roadmap, STATE.md), and spawn additional agents using the spawn_agent tool.\n
- Sanitization: While the process describes generating a slug from the description for directory naming, it does not specify sanitization or validation of the input content before it is written to roadmap files or passed to sub-agents.\n- [COMMAND_EXECUTION]: The skill performs automated file system operations including directory creation and file updates.\n
- Evidence: The objective and process sections explicitly outline that the workflow handles directory creation, roadmap entry insertion, and updates to the STATE.md tracking file.
Audit Metadata