gsp-pretty
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to execute shell commands for gathering context, including 'git log', 'git diff', and reading project files. Furthermore, it executes dynamically generated JavaScript code using 'node -e' to render ASCII art in the user's terminal.
- [DATA_EXFILTRATION]: The skill accesses potentially sensitive project metadata such as recent commit messages, file diffs, and the contents of 'package.json' or 'README.md'. While this data is used internally to seed art generation, accessing project history and file changes constitutes exposure of user environment data.
- [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the local development environment that an external actor could influence.
- Ingestion points: Data is read from 'git log --oneline -5', 'package.json', 'README.md', and 'git diff --stat' (SKILL.md).
- Boundary markers: None. The skill does not use delimiters or instructions to ignore potential commands embedded in the project files or commit history.
- Capability inventory: The skill has the 'Bash' tool and uses it to execute arbitrary commands via 'node -e' (SKILL.md).
- Sanitization: None. The gathered context is used directly as 'creative inspiration' for code generation and execution.
- [DYNAMIC_EXECUTION]: The skill generates a JavaScript snippet at runtime and executes it via the 'node -e' command. While used here for visual effects, this pattern of 'Script generation + execution' is a known risk vector when the generation is influenced by external inputs (Category 10).
Audit Metadata