gsp-progress
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a read-only utility that generates a visual status dashboard based on project metadata. It does not perform network operations, execute arbitrary code, or modify system configurations.
- [DATA_EXPOSURE]: The skill reads `.design/branding/` and `.design/projects/` directories, specifically accessing `STATE.md`, `config.json`, and `brand.ref` files. While these tools (`Read`, `Glob`) are used to extract progress metrics, the skill is scoped to these project-specific paths and does not target sensitive system directories.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external files (`STATE.md`, `config.json`). However, the instructions define a strict logic for parsing specific status values and counting files, which significantly limits the risk of the agent interpreting data content as instructions.
Audit Metadata