gsd-milestone-summary
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for project management and documentation analysis. It performs legitimate operations such as reading project artifacts and writing reports to the local filesystem.
- [PROMPT_INJECTION]: The skill processes untrusted project documentation, which presents a surface for indirect prompt injection.
- Ingestion points: Project artifacts such as
ROADMAP.md,REQUIREMENTS.md, andRETROSPECTIVE.mdin the.planning/directory. - Boundary markers: None; the instructions do not specify delimiters or warnings to ignore embedded commands within the artifacts being summarized.
- Capability inventory: The skill can read/write files and initiate sub-agent tasks using the
spawn_agentcapability. - Sanitization: Input content from documentation files is processed directly by the LLM without specific sanitization or filtering logic.
Audit Metadata