mixseek-workspace-init
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- Persistence Mechanisms (MEDIUM): The skill instructs the agent to guide the user in modifying shell profile files (`~/.bashrc` and `~/.zshrc`) to persist environment variables. While standard for environment setup, this is a persistence mechanism that modifies shell startup behavior.
- Command Execution (MEDIUM): The skill executes a local shell script (`init-workspace.sh`) and uses `mkdir -p` with a user-supplied `<workspace-path>`. Executing scripts with unvalidated user input is a risk for command injection.
- Indirect Prompt Injection (MEDIUM):
  - Ingestion points: User-provided `<workspace-path>` via chat interaction (SKILL.md).
  - Boundary markers: None identified for the path interpolation.
  - Capability inventory: Execution of a bash script and multiple `mkdir` calls (SKILL.md).
  - Sanitization: No explicit sanitization or validation of the path string is mentioned in the instructions, allowing for potential path traversal or command injection if the input contains shell metacharacters.
Audit Metadata