tgw-project-folder-organizer

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-controlled Markdown files from the directory being organized. This could allow malicious instructions inside the analyzed project to influence the agent's behavior.
  • Ingestion points: The skill reads SOURCE_OF_TRUTH.md, README.md, AGENTS.md, CLAUDE.md, SKILL.md, and other project-specific documentation from the user-provided project root.
  • Boundary markers: No explicit delimiters or instructions are used to isolate file content from the agent's system instructions.
  • Capability inventory: The agent can scan directory structures, read file contents, move/rename files, and create/overwrite configuration files.
  • Sanitization: No sanitization or validation of the content of the read Markdown files is performed.
  • [SAFE]: The skill implements security best practices for local file system operations.
  • Safety Boundaries: It maintains a comprehensive list of sensitive file types, including credentials and identity documents, that are explicitly marked as restricted to prevent automated movement.
  • Manual Confirmation: All destructive actions, such as moving files or overwriting existing rules, require explicit and independent user confirmation before execution.
  • Read-Only Audit: The skill's workflow begins with a read-only auditing phase to ensure the user reviews the proposed changes before any action is taken.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:26 AM
Security Audit — agent-trust-hub — tgw-project-folder-organizer