workspace-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill references several shell scripts (setup.sh, init-project.sh, start-services.sh) and uses python -c for integration testing. While these are standard development practices, the contents of these scripts are not provided in the skill file and must be audited separately.
- EXTERNAL_DOWNLOADS (LOW): The documentation includes instructions to git clone <repo>, representing a placeholder for external code acquisition. Users should ensure the target repository is from a trusted source.
- PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection)
  - The architecture describes a Semantic Router and RAG system that ingests untrusted user queries to trigger capabilities.
  - Ingestion points: User queries processed by the Semantic Router and data indexed into the Qdrant vector database.
  - Boundary markers: Templates for Slash Commands and Agent Prompts do not explicitly define boundary markers or 'ignore' instructions for embedded data.
  - Capability inventory: The system is designed to execute Python commands and shell scripts based on routing logic.
  - Sanitization: No explicit sanitization or validation logic is described in the provided specification.
Audit Metadata