tidy-project-structure
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Bash commands such as
find,grep,git mv,mkdir, anddiffto perform its primary tasks of directory auditing, file relocation, and configuration comparison. These are standard operations for the skill's stated purpose.\n- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8) because it ingests untrusted data from the project being tidied. \n - Ingestion points: Steps 3 and 5 read the contents of README files and configuration files (e.g.,
.env,.yml) usingfindandgrep.\n - Boundary markers: The instructions do not define delimiters or provide the agent with 'ignore instructions' warnings when processing these external file contents.\n
- Capability inventory: The skill has access to
Write,Edit, andBashtools, which could be exploited if the agent follows malicious instructions embedded in the project files.\n - Sanitization: There is no evidence of sanitization or validation of the file content before it is processed by the agent.\n- [DATA_EXPOSURE]: Step 5 includes a security audit pattern that searches for hardcoded secrets (API keys, tokens, passwords) using
grep. This is handled safely as a diagnostic step intended to flag issues for escalation rather than for exfiltration.
Audit Metadata