source-command-gsd-from-gsd2
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script located at a specific path (
/mnt/local-analysis/workspace-hub/.Codex/get-shit-done/bin/gsd-tools.cjs) to handle project migration. This is the core functionality of the skill. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted data from the user's project files.
- Ingestion points: Data is read from the
.gsd/directory, including Milestone, Slice, and Task hierarchies, as well as research files and summaries. - Boundary markers: The skill lacks explicit instructions or delimiters to tell the agent to ignore any natural language instructions that might be embedded within the migrated project files.
- Capability inventory: The skill has the capability to execute shell commands (
node), and perform file read/write operations within the workspace. - Sanitization: There is no evidence of sanitization or validation of the content within the
.gsd/files before it is processed or summarized for the user.
Audit Metadata