kw-cubic
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design as it ingests untrusted data from an external source.
- Ingestion points: Untrusted content from cubic.ai is accepted via the
$ARGUMENTSvariable inSKILL.md. - Boundary markers: While the skill uses
<cubic-analysis>tags within its own instructions, the content is subsequently interpolated into a natural language task description string ([ANALYSIS]) for thegsd:quicktool without escaping or strict delimiters to prevent the agent from following instructions embedded within that content. - Capability inventory: The skill invokes the
gsd:quickskill (SKILL.md), which belongs to an autonomous workflow capable of reading the codebase and applying modifications. - Sanitization: No sanitization, validation, or filtering is applied to the cubic.ai output before it is passed to the powerful
gsd:quicktool. - [EXTERNAL_DOWNLOADS]: The skill documentation and configuration involve external resources.
- The
README.mdprovides an installation command usingnpxthat fetches from the author's own repository (kwazema/claude-skills). - The skill requires the
Get Shit Done (GSD)workflow, which is an external dependency hosted atgithub.com/get-shit-done-ai/get-shit-done.
Audit Metadata