project-workspace

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to perform file system operations, such as creating directory structures and generating Markdown files for project organization.
  • Evidence: instructions to create paths like notes\findings.md and screenshots\ under a designated project root in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The agent is instructed to verify facts and pricing using well-known services to populate documentation artifacts.
  • Evidence: instructions to use official Microsoft Learn, Azure pricing, and the Azure Retail Prices API in SKILL.md.
  • [PROMPT_INJECTION]: The skill ingests user-provided topics to generate folder names and content, which creates a surface for indirect prompt injection.
  • Ingestion points: User-provided project topic and folder slug in SKILL.md.
  • Boundary markers: Absent for the interpolation of untrusted user input into generated file content.
  • Capability inventory: File system write access across the project workspace.
  • Sanitization: Includes logic to convert informal or Japanese input into structured English kebab-case slugs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:34 AM
Security Audit — agent-trust-hub — project-workspace