workbench-implementation

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection (Category 8) because it is designed to ingest and act upon external codebase data.
  • Ingestion points: Reading and inspecting local repository files, workspace metadata, and live resource configurations.
  • Boundary markers: Absent. The skill lacks instructions to delimit or ignore instructions that may be embedded within the processed code or data.
  • Capability inventory: The skill is authorized to perform file system modifications, execute verification commands, and mutate live environment resources such as hooks and cron jobs.
  • Sanitization: No validation or sanitization of external content is specified before the data is processed or interpolated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 11:56 PM