workspace-guide

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The provided reference scripts use execSync to perform legitimate operations such as creating git worktrees, managing Docker containers, and running build or migration scripts. These commands are integral to the skill's purpose of automating development workflows and are executed locally within the repository's context.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @paleo/workspace NPM package, which is a developer-owned resource belonging to the skill's author ('paleo'). This package centralizes the workspace management logic.
  • [DATA_EXFILTRATION]: The scripts access and modify project files such as .env and docker-compose.yml to patch environment-specific ports. This access is localized to the workspace setup process, and no network operations or external data exfiltration patterns were detected.
  • [PROMPT_INJECTION]: The skill includes explicit documentation and instructions for AI agents to facilitate their interaction with the workspace system. These instructions are procedural and intended to guide the agent in performing its tasks safely within the established conventions, with no evidence of bypass or override attempts.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 07:15 AM