setup-workspace
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads external user data which serves as a potential surface for indirect instructions.
  - Ingestion points: Context is gathered by reading `goals.md` in Step 1.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present when reading the file.
  - Capability inventory: Local file and directory creation within `04-workspace/` and updating the `user-config.yaml` configuration file.
  - Sanitization: No explicit sanitization of the content from `goals.md` is performed before processing.
- Command Execution (SAFE): The skill's file system operations are limited to creating directories and markdown documentation within the designated workspace folder, consistent with its stated purpose.
- Persistence Mechanisms (SAFE): The update to `user-config.yaml` is for state tracking and does not involve installing services or modifying shell profiles.
- Data Exposure (SAFE): No network operations or hardcoded credentials were detected; the skill operates exclusively on local files.
Audit Metadata