link-workspace-packages
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains only instructional content for package management. No attempts to override system prompts, bypass safety filters, or use role-play for jailbreaking were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths (e.g., SSH keys, AWS configs), or unauthorized network operations were found. The skill only references standard project files like package.json and lockfiles.
- [Obfuscation] (SAFE): All text is clear and readable. No Base64 encoding, zero-width characters, or homoglyph-based obfuscation techniques are present.
- [Remote Code Execution] (SAFE): The skill does not download or execute remote scripts. While it provides commands for package managers (npm, pnpm, etc.), these are used for local workspace linking with placeholder package names (@org/*).
- [Persistence Mechanisms] (SAFE): No commands for modifying shell profiles, system services, or scheduled tasks were found.
Audit Metadata