workspace-planning

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is designed for administrative and project management tasks within a workspace. It performs standard file operations (reading and writing YAML) in a dedicated directory ('planning/schedules/') and checks for directory existence in the 'openspec/changes/' folder, which is consistent with its stated purpose.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection, because it reads and displays data from external files.
    1. Ingestion points: The skill parses data from 'planning/schedules/*.yaml' files during the 'review' and 'update' operations.
    2. Boundary markers: There are no defined boundary markers or instructions that isolate file data from the agent's executable context.
    3. Capability inventory: The skill can read and write files in the local workspace and interact with the 'yunxiao' skill.
    4. Sanitization: The instructions do not provide for sanitization or validation of text content found in the YAML modules before it is presented to the user or processed by the model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 02:07 PM