gsd-add-todo
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted user data to automate workspace actions. Note that this is inherent to the skill's purpose of capturing todos from context.
- Ingestion points: Untrusted data enters the agent context via the
{{GSD_ARGS}}parameter and the broader conversation history. - Boundary markers: The skill does not explicitly define delimiters (e.g., XML tags or triple backticks) to isolate user-supplied content from instructions.
- Capability inventory: The skill possesses capabilities including spawning sub-agents (
spawn_agent), creating/modifying local files, and executing git commits. - Sanitization: No explicit validation or sanitization logic for the ingested conversation context is defined within the skill manifest.
Audit Metadata