workspace-init

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The init-workspace.sh script utilizes curl or wget to download a configuration file (WORKSPACE.md) from an arbitrary, user-provided URL via the --from flag.
  • [COMMAND_EXECUTION]: The skill directs the agent to perform extensive filesystem discovery using find or ls commands across multiple paths in the user's home directory, such as ~/Sites, ~/work, and ~/projects, to identify existing project folders.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection via the 'Import from URL' feature.
    1. Ingestion point: The init-workspace.sh script writes remote content directly to WORKSPACE.md.
    2. Boundary markers: Absent in the instructions for parsing the imported file.
    3. Capability inventory: The skill has the ability to search the filesystem, create directories, and interface with GitHub via MCP tools.
    4. Sanitization: There is no evidence of validation or sanitization of the downloaded configuration before the agent processes it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 08:08 PM