tgw-project-folder-organizer
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-controlled Markdown files from the directory being organized. This could allow malicious instructions inside the analyzed project to influence the agent's behavior.
- Ingestion points: The skill reads SOURCE_OF_TRUTH.md, README.md, AGENTS.md, CLAUDE.md, SKILL.md, and other project-specific documentation from the user-provided project root.
- Boundary markers: No explicit delimiters or instructions are used to isolate file content from the agent's system instructions.
- Capability inventory: The agent can scan directory structures, read file contents, move/rename files, and create/overwrite configuration files.
- Sanitization: No sanitization or validation of the content of the read Markdown files is performed.
- [SAFE]: The skill implements security best practices for local file system operations.
- Safety Boundaries: It maintains a comprehensive list of sensitive file types, including credentials and identity documents, that are explicitly marked as restricted to prevent automated movement.
- Manual Confirmation: All destructive actions, such as moving files or overwriting existing rules, require explicit and independent user confirmation before execution.
- Read-Only Audit: The skill's workflow begins with a read-only auditing phase to ensure the user reviews the proposed changes before any action is taken.
Audit Metadata