new-workspace

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform Git operations (git checkout, git worktree), file system modifications (cp, ln, mkdir), and Python environment synchronization (uv sync). These operations are consistent with the skill's stated purpose of workspace management.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection through the processing of the .worktree-links configuration file. A malicious actor could include this file in a repository to trick the agent into performing unauthorized file operations.
    • Ingestion points: The skill reads and iterates over lines in the .worktree-links file located in the project root.
    • Boundary markers: None. The skill lacks delimiters or instructions to ignore malicious content within the configuration file.
    • Capability inventory: The agent has Bash and Write capabilities, allowing it to create directories and symlinks (ln -s).
    • Sanitization: There is no validation or sanitization of the paths provided in the .worktree-links file. Specifically, the skill does not check for path traversal sequences (e.g., ../../), which could allow an attacker to create symlinks inside the worktree that point to sensitive files outside the project directory (like ~/.ssh/id_rsa).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 11:08 AM