gsd-fast
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection through user-supplied command arguments.
- Ingestion points: User-provided text following the
$gsd-fasttrigger, mapped to{{GSD_ARGS}}inSKILL.md. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded in
{{GSD_ARGS}}. - Capability inventory: The objective includes file system writes (typo fixes, config changes) and the
codex_skill_adapterinSKILL.mdmaps agent spawning and user input requests. - Sanitization: There is no evidence of input validation, sanitization, or escaping for the user-supplied arguments.
- Mitigation: Wrap user input in unique delimiters and explicitly instruct the model to treat the content within those delimiters as data to be acted upon, not as instructions to follow.
Audit Metadata