gsd-review

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to 'Invoke external AI CLIs' to review phase plans. This functionality implies the use of shell commands to call binaries such as Gemini or Codex based on flags like --gemini or --codex. This represents a significant capability that could be exploited if the agent fails to properly sanitize the arguments passed to these external tools.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted data from user-supplied {{GSD_ARGS}} and loads its primary execution instructions from an external local file located at @/mnt/local-analysis/workspace-hub/.codex/get-shit-done/workflows/review.md.
  • Ingestion points: User input through $gsd-review arguments and the local workflow file.
  • Boundary markers: None are specified to separate user data from instructions or to prevent the agent from obeying embedded commands.
  • Capability inventory: The skill uses spawn_agent (mapped from Task), request_user_input (mapped from AskUserQuestion), and implied shell command execution for CLI interaction.
  • Sanitization: The skill description lacks any mention of sanitization, input validation, or integrity checks for the workflow file.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 04:33 AM