multi-workspace
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The multi sync rules feature generates workspace-level instruction files (CLAUDE.md and AGENTS.md) by aggregating all .cursor/rules/*.mdc files found within sub-repositories. This allows instructions from potentially untrusted sub-repos to be promoted to the workspace level, where they can influence the agent's core instructions.
- Ingestion points: .cursor/rules/*.mdc files located in sub-directories/repositories (SKILL.md).
- Boundary markers: The skill does not implement delimiters or 'ignore' instructions when concatenating rules into the final markdown files (references/commands.md).
- Capability inventory: The skill has the ability to run Git commands across all repositories (multi git) and write configuration files to the workspace root (multi sync).
- Sanitization: There is no evidence of sanitization or filtering of the content extracted from the .mdc files before they are written to the agent's instruction files.
- [EXTERNAL_DOWNLOADS]: The skill documentation identifies the multi-workspace CLI tool as being hosted on the Python Package Index (PyPI).
- [COMMAND_EXECUTION]: The multi git command enables running Git operations across all repositories in the workspace. This involves the execution of the git command-line utility with arbitrary arguments passed through the CLI tool.
Audit Metadata