workbench-waking-up

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill is instructed to read and summarize data from potentially untrusted sources such as issue comments, repository files, and automation logs during its 'Wake' procedures.
  • Ingestion points: 'Standard Wake' and 'Deep Wake' procedures in SKILL.md involve reading Multica issue comments, repo state, and Research Vault content.
  • Boundary markers: The instructions lack requirements for using boundary markers or 'ignore' instructions to isolate untrusted data during processing.
  • Capability inventory: The 'Session-To-Workbench Bridge' section authorizes the agent to write updates to core configuration and behavioral files including SKILL.md and AGENTS.md.
  • Sanitization: While the skill includes a checklist to exclude secrets and private data from output, it does not specify sanitization or validation of the input data to prevent embedded instructions from influencing the agent's logic.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 06:13 AM