Skills
skills/vamseeachanta/workspace-hub/gsd-autonomous/Gen Agent Trust Hub

gsd-autonomous

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script named gsd-tools.cjs with subcommands such as init and roadmap analyze to manage and analyze the project roadmap.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from multiple sources to determine its autonomous actions.
  • Ingestion points: Data is ingested from ROADMAP.md, STATE.md, and the user-provided {{GSD_ARGS}} variable.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were found in the skill's logic.
  • Capability inventory: The skill has the capability to execute local scripts via gsd-tools.cjs and spawn new agents with specific prompts using spawn_agent.
  • Sanitization: There is no evidence of sanitization or validation of the input data before it is used to influence the workflow or the prompts passed to spawned agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 04:33 AM