workbench-capy-vm-lane
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its handling of untrusted data from external 'issues'.
- Ingestion points: Data enters the context via issue declarations and fields such as EXECUTION_TARGET and VM_LEASE.
- Boundary markers: No explicit delimiters or instructions are used to isolate untrusted issue content from the agent's instructions.
- Capability inventory: The skill interacts with a local Computer API via curl to perform actions like taking screenshots.
- Sanitization: No validation or sanitization of input fields or issue content is specified.
Audit Metadata