gsd-research-phase
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell interpolation to execute a local Node.js utility at '/mnt/local-analysis/workspace-hub/.codex/get-shit-done/bin/gsd-tools.cjs' with user-provided arguments '{{GSD_ARGS}}'. This pattern can lead to command injection if inputs are not properly sanitized by the platform before execution.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting untrusted data from project files.
  - Ingestion points: 'requirements_path', 'context_path', and 'state_path'.
  - Boundary markers: Absent from the prompt templates in 'references/researcher-prompt.md'.
  - Capability inventory: The spawned sub-agent can perform web searches and write to the file system.
  - Sanitization: No explicit validation or escaping is performed on external file contents before inclusion in the sub-agent prompt.
- [DATA_EXFILTRATION]: During research, the sub-agent performs 'WebSearch' and 'Context7' queries, which transmit data derived from project context files (requirements, state) to external search services.