artist-workspace
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates within a defined sandbox directory (orgs/{org}/artists/) and uses standard shell utilities like ls and git log for file management and version control history. No evidence of data exfiltration, credential theft, or unauthorized remote execution was found.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external workspace files and git history, which may contain attacker-controlled content.
  - Ingestion points: RECOUP.md, context/artist.md, context/audience.md, and the output of git log commands in SKILL.md.
  - Boundary markers: Absent; there are no explicit instructions for the agent to ignore embedded commands or to use delimiters around the processed files.
  - Capability inventory: The skill allows directory listing (ls), reading git history (git log), and reading/writing markdown files within the artist workspace.
  - Sanitization: Absent; content from the workspace is used to inform agent behavior without explicit validation or escaping.