workspace-status
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/status.sh` executes several shell commands, including `git status`, `git log`, `git rev-list`, `grep`, and `sed`, to collect information about the workspace. While these are standard tools for status reporting, they involve executing sub-processes based on local file system content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing and displaying untrusted content from the local environment.
  - Ingestion points: Data is read from workspace configuration files (project names) and git repositories (commit messages via `git log`).
  - Boundary markers: None. The extracted strings are placed directly into a formatted table and list for the agent to process.
  - Capability inventory: The agent has the capability to execute shell commands and read/write files as part of its normal operation.
  - Sanitization: No sanitization or escaping is performed on the commit messages or project names before they are presented to the agent. An attacker who can influence a commit message in a watched repository could theoretically inject instructions into the agent's context.