Workspace SOP
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation provides the standard installation command for the Homebrew package manager, which involves executing a remote script from its official GitHub repository.
- [COMMAND_EXECUTION]: The skill lists several CLI utilities for file processing and data analysis, such as pandoc, python3, and jq, and establishes a policy requiring user approval for system-level changes like package installations via pip or brew.
- [EXTERNAL_DOWNLOADS]: Includes instructions for using the workspace_download tool to import research papers and other assets from external URLs such as arXiv.
- [PROMPT_INJECTION]: The skill processes untrusted data, which creates a surface for indirect prompt injection.
  - Ingestion points: Files are ingested via workspace_read and workspace_download (SKILL.md).
  - Boundary markers: None explicitly defined for untrusted content.
  - Capability inventory: The agent can execute subprocesses (python3, jq) and write files (workspace_save) (SKILL.md).
  - Sanitization: No specific sanitization or filtering logic is described for file contents.
Audit Metadata