gsd-pr-branch
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill delegates its entire logic to an external workflow file located at @/mnt/local-analysis/workspace-hub/.codex/get-shit-done/workflows/pr-branch.md. This pattern of dynamic instruction loading hides the actual shell commands and agent behaviors from the skill's main definition file.
- [COMMAND_EXECUTION]: The mapping logic in the <codex_skill_adapter> section explicitly enables complex agent orchestration tools like spawn_agent and request_user_input, which are used to execute the external workflow's tasks without explicit visibility in the primary file.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes git commit data and branch history (untrusted input) to perform its filtering objective.
- Ingestion points: Git commit messages and file diffs processed during the filtering logic (SKILL.md).
- Boundary markers: Absent; there are no instructions to ignore embedded commands within the git data.
- Capability inventory: Uses spawn_agent for multi-agent orchestration and implies git CLI usage (SKILL.md).
- Sanitization: Absent; the skill does not define any sanitization or validation for the data ingested from the git environment.
Audit Metadata