gsd-forensics
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs diagnostic analysis on local metadata and git history to identify the root cause of workflow failures.
- [DATA_EXFILTRATION]: While the skill offers GitHub issue creation, it contains mandatory rules to redact sensitive data, including API keys, tokens, and absolute paths, prior to external communication.
- [COMMAND_EXECUTION]: Executed commands are limited to informational git operations (log, status, diff) and reading project-specific planning artifacts, which are appropriate for forensic investigation.
- [PROMPT_INJECTION]: The skill processes untrusted data from git history and user arguments, representing an indirect prompt injection surface. 1. Ingestion points: git logs, planning state files, and user input (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Spawning sub-agents and writing reports to local storage. 4. Sanitization: Includes explicit instructions to redact sensitive credentials from all findings.
Audit Metadata