gsd-remove-phase

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill interpolates user-provided arguments from {{GSD_ARGS}} directly into the Phase context field, which is a known surface for indirect prompt injection.
  • Ingestion points: User input captured via {{GSD_ARGS}} is passed into the context block of the SKILL.md file.
  • Boundary markers: Absent. The skill does not utilize delimiters (such as XML tags or triple quotes) or provide explicit instructions to the agent to ignore any commands potentially embedded in the phase arguments.
  • Capability inventory: The skill is authorized to perform git commits, modify local files within the workspace, and spawn sub-agents to carry out portions of the roadmap cleanup workflow.
  • Sanitization: There is no evidence of validation, escaping, or filtering of the user input before it is used by the agent to execute the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 04:33 AM