workspace-api
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents API patterns for ingesting data from tables and document handles, which serves as a surface for indirect prompt injection.
  - Ingestion points: Data access methods such as table.get (references/table-kv-crud-observation.md) and handle.read (references/document-content.md) are identified as entry points for untrusted data.
  - Boundary markers: No delimiters or specific instructions to ignore embedded content are included in the provided code patterns.
  - Capability inventory: The API patterns in SKILL.md describe integration with sensitive capabilities including browser tab management (browser.tabs.remove) and filesystem access (readdir).
  - Sanitization: No sanitization or input validation logic is defined for data read from the workspace.
- [SAFE]: References the well-known Yjs framework as a foundational technology for the data layer.