gsd-pause-work
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes 'git commit' to save work-in-progress state. This is an expected behavior for a developer productivity tool.
- [DATA_EXFILTRATION]: The skill reads local workspace files to gather current project state. This data is used solely to generate a local handoff file ('.continue-here.md') and is not sent to external servers.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local workspace to generate handoff documentation. (1) Ingestion points: Recent files and phase-specific directories in SKILL.md. (2) Boundary markers: Not explicitly defined in the skill wrapper. (3) Capability inventory: File system read/write and 'git commit' operations. (4) Sanitization: No explicit content sanitization is described in the logic.
Audit Metadata