source-command-gsd-workstreams
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute the
gsd-sdkutility with various subcommands (list, create, status, switch, progress, complete, resume). User-provided input, such as workstream names, is interpolated directly into the command arguments, which represents a potential command injection surface if the underlying agent platform does not sanitize inputs.- [INDIRECT_PROMPT_INJECTION]: The skill processes JSON output from thegsd-sdktool to display information to the user. This creates a surface where instructions could be embedded in the tool's data. - Ingestion points: Command output from
gsd-sdk queryoperations (SKILL.md) - Boundary markers: Absent; the instructions do not specify delimiters or warnings for the agent to ignore embedded instructions
- Capability inventory: Subprocess execution of
gsd-sdkfor all subcommands (SKILL.md) - Sanitization: Absent; the skill does not define validation or escaping for the ingested JSON data.
Audit Metadata