
wksp

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Category: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to use dangerouslyDisableSandbox: true for multiple operations in SKILL.md, bypassing the security boundaries intended to protect the host system.
  • [COMMAND_EXECUTION]: The wksp_ops.py script modifies the agent's global configuration file (~/.claude.json) to set hasTrustDialogAccepted: True for workspace paths. This bypasses the security prompt that normally requires users to manually trust a project directory before the agent can operate within it.
  • [COMMAND_EXECUTION]: The skill modifies project-specific settings (.claude/settings.local.json) to automatically grant permissions for the handoff skill and allows wildcard shell execution via Bash(python3 "<scripts_dir>/"*). This removes the "human-in-the-loop" requirement for approving potentially dangerous scripts.
  • [COMMAND_EXECUTION]: The skill uses AppleScript (osascript) via launch.py to execute commands in a new terminal session. While intended for workspace launching, this mechanism could be abused to execute arbitrary commands outside the agent's immediate control if path resolution is manipulated.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 14, 2026, 02:41 AM