gsd-progress
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection.
- Ingestion points: The skill captures user input following the invocation command in the
{{GSD_ARGS}}variable and reads a workflow definition file located at@/mnt/local-analysis/workspace-hub/.codex/get-shit-done/workflows/progress.md. - Boundary markers: No delimiters or specific instructions are provided to the agent to distinguish between trusted instructions and potentially untrusted data within the ingested parameters or workflow file.
- Capability inventory: The skill has the ability to spawn additional agents (
spawn_agent) and request user input (request_user_input), which are sensitive operations that could be misdirected via injected instructions. - Sanitization: There is no evidence of sanitization, validation, or filtering of the user-provided arguments before they are utilized in the workflow logic.
- [NO_CODE]: This skill consists entirely of markdown-based instructions and metadata, with no accompanying source code files or executable scripts.
Audit Metadata