workspace-manager
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns of instruction override, role-play jailbreaks, or system prompt extraction were detected in the skill instructions.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive system files (e.g., .ssh, .aws) and contains no network-bound operations or hardcoded credentials.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No package managers (npm, pip) are invoked, and there are no instances of remote script downloads or dynamic code execution.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user input to name folders and document titles, which could theoretically be used to store malicious payloads. However, the risk is minimal as the skill has no high-privilege capabilities.
  - Ingestion points: User-provided strings for [topic] and [domain] used in folder and file creation in SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Restricted to creating directory structures and markdown files based on predefined templates.
  - Sanitization: No explicit sanitization or escaping of user-provided strings is implemented.
- [Persistence & Privilege Escalation] (SAFE): The skill does not attempt to modify shell profiles, cron jobs, or acquire administrative privileges.
Audit Metadata