gsd-debug
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands and a Node.js script from a specific absolute path (/mnt/local-analysis/workspace-hub/.codex/get-shit-done/bin/gsd-tools.cjs). These commands are used to manage session state and resolve model configurations within the debugging framework.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it handles untrusted data:
  - Ingestion points: Raw user input is captured via {{GSD_ARGS}} and subsequent symptom gathering steps (Expected behavior, Actual behavior, Error messages).
  - Boundary markers: There are no explicit delimiters or 'ignore' instructions surrounding the interpolated user content in the subagent prompts defined in references/debugger-prompt.md.
  - Capability inventory: The skill can spawn new agents (spawn_agent), read files (cat), and execute local scripts (node).
  - Sanitization: There is no evidence of input validation or sanitization before passing user-controlled text into the subagent's instructions. An attacker could provide malicious content within a simulated error message to influence the subagent's behavior.
Audit Metadata