Skills
skills/tacuchi/workspace-tools/workspace-setup/Gen Agent Trust Hub

workspace-setup

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the workspace-guide tool from the vendor's own tacuchi/workspace-tools repository via npx to provide additional workspace functionality.\n- [COMMAND_EXECUTION]: Provides instructions to execute npx workspace-update sync to finalize the workspace configuration, which runs code from the vendor's package.\n- [PROMPT_INJECTION]: The skill refactors external content from project root files (e.g., CLAUDE.md, AGENTS.md, or GEMINI.md) into new documents, creating an indirect prompt injection surface.\n
  • Ingestion points: Reads the project's primary instruction files as the source for splitting content into new files.\n
  • Boundary markers: Absent; no delimiters or "ignore embedded instructions" warnings are applied to the content being extracted and moved.\n
  • Capability inventory: Performs file system operations to create and overwrite documentation files in docs/ and technology-specific rules in .claude/rules/.\n
  • Sanitization: Absent; content sections are moved from the source to destination files without any validation or filtering process.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 01:00 AM