coder-workspaces

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is entirely documentation-based and does not bundle any executable scripts or binaries. It relies exclusively on the pre-installed 'coder' CLI tool.
  • [COMMAND_EXECUTION]: Provides a command reference for executing remote operations within Coder workspaces via 'coder ssh'. This functionality is the primary purpose of the skill and is intended for use within isolated, governed environments.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it requires the agent to read workspace logs and task outputs.
    • Ingestion points: Untrusted data enters the context via 'coder logs' and 'coder tasks logs' (SKILL.md).
    • Boundary markers: No specific delimiters or safety instructions are provided to the agent for processing log content.
    • Capability inventory: The agent can execute commands in workspaces ('coder ssh') and manage tasks ('coder tasks create').
    • Sanitization: No sanitization or validation of the log content is documented before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 05:56 AM