skills/coder/mux/dev-desktop-sandbox/Gen Agent Trust Hub

dev-desktop-sandbox

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow documentation involves running local shell commands such as make, bunx electron, and build scripts to initialize and launch a sandboxed Electron environment.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the ingestion of local configuration files.
      1. Ingestion points: providers.jsonc and config.json in the root directory.
      2. Boundary markers: None explicitly defined in the workflow.
      3. Capability inventory: Subprocess execution via make and bunx.
      4. Sanitization: None described.
  • [SAFE]: The documentation demonstrates security-conscious practices by isolating instance data in temporary directories and explicitly recommending the exclusion of sensitive files like secrets.json from the sandbox state.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 10:22 AM