workspace-guide

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • External Downloads (HIGH): The skill directs users to install 'OpenCode' from 'opencode.ai'. This domain is not part of the established Trusted External Sources. Recommending unverified third-party software as a prerequisite for skill functionality presents a significant risk of malware installation.
  • Prompt Injection (HIGH): The skill establishes an Indirect Prompt Injection surface by instructing the agent to process arbitrary files in the workspace.
    • Ingestion points: Any file placed within the user's workspace (SKILL.md).
    • Boundary markers: Absent. There are no delimiters or instructions provided to help the agent distinguish between file data and embedded malicious commands.
    • Capability inventory: The skill explicitly mentions the ability to 'create new ones' (files) and 'organize them', indicating active file-system modification capabilities.
    • Sanitization: Absent. There is no logic to sanitize or validate the content of workspace files before the agent acts on them. A malicious file could include instructions to create backdoors or delete other files during the 'organization' or 'summarization' process.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:22 AM