The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes dynamic context injection (the !command syntax) in SKILL.md to run a local Node.js script: node "/mnt/local-analysis/workspace-hub/.codex/get-shit-done/bin/gsd-tools.cjs" config-set-model-profile {{GSD_ARGS}} --raw. The {{GSD_ARGS}} placeholder, which is populated with raw user input derived from the text following the command mention, is directly interpolated into the shell command without sanitization. This creates a risk of command injection where a user could provide shell metacharacters (such as ;, &, or |) to execute arbitrary commands on the system.

gsd-set-profile