workspace-autopsy-governance
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
workspace_autopsy.py) and standard shell commands (mkdir,mv) to perform directory mapping and file migration. These actions are transparent and aligned with the skill's primary function of workspace reorganization. - [DATA_EXPOSURE]: The autopsy script reads and maps the file structure of the current workspace, including directory names and file counts. This metadata is used locally by the agent to generate a restructure proposal and is not transmitted to external endpoints.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of filenames and directory paths within the target workspace. This creates a minor surface for indirect prompt injection if a workspace contains filenames with malicious instructions. This risk is effectively mitigated by the skill's design, which mandates a manual review and explicit user approval of the 'RESTRUCTURE_PROPOSAL.md' before the migration phase begins.
Audit Metadata