gsd-do
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted user input via the
{{GSD_ARGS}}parameter and interpolates it directly into the agent's context. Without explicit 'ignore' instructions or robust delimiters, this content could potentially override the agent's intended routing logic or trigger unintended tool execution. - Ingestion points:
SKILL.md(via the{{GSD_ARGS}}variable). - Boundary markers: Uses XML-style
<context>tags, but lacks instructions to treat the inner content as non-executable data. - Capability inventory: The skill can spawn sub-agents (
spawn_agent) and invoke various local 'GSD' workflow commands. - Sanitization: No validation or escaping is applied to the input provided after the
$gsd-docommand.
Audit Metadata