gsd
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the use of `npx get-shit-done-cc`, which fetches and executes a package from the public npm registry at runtime. This package is managed by an external third party (gsd-build) not listed as a trusted vendor.
- [COMMAND_EXECUTION]: The installation instructions suggest running a global installation command (`--global`), which typically requires elevated system permissions and executes code provided by the external package author.
Audit Metadata