workspace-performance-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and analyze untrusted content from a user's monorepo.
- Ingestion points: Workspace files across multiple stacks (Next.js, NestJS, MongoDB, Plasmo) accessed during discovery and audit phases.
- Boundary markers: Absent. No delimiters or instructions to ignore embedded prompts are defined in the orchestration logic.
- Capability inventory: File system write access (.agents/AUDITS/) and coordination of multiple specialized skills.
- Sanitization: Absent. No evidence of sanitization or filtering of content read from the workspace.
- NO_CODE (SAFE): No executable scripts, binaries, or command executions were found in the provided files. The skill functions purely as an orchestration prompt.
- Metadata Analysis (SAFE): Metadata is consistent with functionality and does not contain deceptive instructions. Note: The skill references an external guide 'references/full-guide.md' for command execution details which was not provided for analysis.
Audit Metadata