gsd-stats
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected in the skill instructions.
- [COMMAND_EXECUTION]: The skill directs the agent to execute a local workflow file at '@/mnt/local-analysis/workspace-hub/.codex/get-shit-done/workflows/stats.md'. This is the primary function for project metrics generation.
- [PROMPT_INJECTION]: The skill processes untrusted data such as git history and requirement documentation. Ingestion points: local git metrics and project files; Boundary markers: Absent; Capability inventory: spawn_agent, request_user_input, and workflow execution; Sanitization: None. This creates a surface for indirect prompt injection, which is a common risk for analytical agents but no malicious intent was observed in this implementation.
Audit Metadata