workspace-autopsy-governance

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (workspace_autopsy.py) and standard shell commands (mkdir, mv) to perform directory mapping and file migration. These actions are transparent and aligned with the skill's primary function of workspace reorganization.
  • [DATA_EXPOSURE]: The autopsy script reads and maps the file structure of the current workspace, including directory names and file counts. This metadata is used locally by the agent to generate a restructure proposal and is not transmitted to external endpoints.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of filenames and directory paths within the target workspace. This creates a minor surface for indirect prompt injection if a workspace contains filenames with malicious instructions. This risk is effectively mitigated by the skill's design, which mandates a manual review and explicit user approval of the 'RESTRUCTURE_PROPOSAL.md' before the migration phase begins.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:02 PM
Security Audit — agent-trust-hub — workspace-autopsy-governance