gsp-housekeeping
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform local repository audits. It executes commands to count project components (ls, wc), read version files (cat), and inspect the working tree (git status, git log) to detect drift between the filesystem and documentation. It also utilizes node -e to programmatically extract the version field from project manifests like package.json and plugin.json.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it ingests content from a wide range of project files (gsp/**/*, bin/install.js) to detect and fix stale terminology.
- Ingestion points: The skill reads markdown and JavaScript files project-wide via Grep and Read tools.
- Boundary markers: No specific delimiters are defined to isolate untrusted content from these files during analysis.
- Capability inventory: The skill has access to Edit and Bash tools, allowing it to modify files and create git commits based on ingested data.
- Sanitization: No sanitization is performed on the file content before it is processed by the agent.
Audit Metadata