workshop

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design. It functions as a logging and retrieval system for experiments and recipes, which involves processing and storing untrusted user-provided text. This stored content is later read back into the agent's context.
  • Ingestion points: User input for experiment details, boundaries, and recipes is collected and written to markdown files in the ~/.hermetic/workshop/ directory across multiple files including experiment.md, recipe.md, and boundary.md.
  • Boundary markers: No specific boundary markers or delimiters are employed to isolate user-provided data from system instructions within the stored files.
  • Capability inventory: The skill possesses file read and write capabilities within the local workspace for managing workshop documentation as specified in SKILL.md and workshop.md.
  • Sanitization: No input validation or filtering logic is present to prevent instructions within text logs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:30 AM
Security Audit — agent-trust-hub — workshop