Skills
skills/vamseeachanta/workspace-hub/gsd-review-backlog/Gen Agent Trust Hub

gsd-review-backlog

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a local Node.js script (gsd-tools.cjs) using shell commands.
  • Evidence: node "/mnt/local-analysis/workspace-hub/.codex/get-shit-done/bin/gsd-tools.cjs" phase add "${DESCRIPTION}" --raw and node "/mnt/local-analysis/workspace-hub/.codex/get-shit-done/bin/gsd-tools.cjs" commit ....
  • [PROMPT_INJECTION]: Susceptible to indirect prompt injection (Category 8) through external project files.
  • Ingestion points: Reads phase descriptions and metadata from .planning/ROADMAP.md and directory names via ls and cat commands.
  • Boundary markers: Absent; data from the roadmap is directly interpolated into commands as variables.
  • Capability inventory: Can execute shell commands via Node.js, read files, and delete directories (rm via process description).
  • Sanitization: No explicit sanitization or escaping of ${DESCRIPTION} or other extracted metadata is shown before being used in shell interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 04:33 AM