gsd-plant-seed
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-supplied arguments ({{GSD_ARGS}}) which represents an indirect prompt injection surface.
- Ingestion points: User-provided text following the $gsd-plant-seed command in SKILL.md.
- Boundary markers: Absent; no delimiters or ignore-instructions are used to isolate user input from the workflow context.
- Capability inventory: Ability to spawn agents via mapped Task commands and write files to the project's .planning/seeds/ directory.
- Sanitization: Absent; user arguments are processed directly by the referenced workflow without validation.
- [COMMAND_EXECUTION]: The skill invokes a specific workflow script from a fixed local filesystem path.
- Evidence: The block directs the agent to execute instructions from @/mnt/local-analysis/workspace-hub/.codex/get-shit-done/workflows/plant-seed.md.
Audit Metadata