workshop
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design. It functions as a logging and retrieval system for experiments and recipes, which involves processing and storing untrusted user-provided text. This stored content is later read back into the agent's context.
- Ingestion points: User input for experiment details, boundaries, and recipes is collected and written to markdown files in the ~/.hermetic/workshop/ directory across multiple files including experiment.md, recipe.md, and boundary.md.
- Boundary markers: No specific boundary markers or delimiters are employed to isolate user-provided data from system instructions within the stored files.
- Capability inventory: The skill possesses file read and write capabilities within the local workspace for managing workshop documentation as specified in SKILL.md and workshop.md.
- Sanitization: No input validation or filtering logic is present to prevent instructions within text logs.
Audit Metadata