ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. Example scripts such as 'conditional_workflow.sh' and 'data_processing.sh' ingest untrusted data from shell arguments or local files and interpolate it directly into prompt strings for LLMs via the 'belt' CLI. The lack of sanitization or clear boundary markers allows for potential manipulation of the agent's instructions by malicious input data.
- [COMMAND_EXECUTION]: The skill's primary function involves executing shell commands to automate tasks. It provides templates for creating cron jobs for persistence and uses Bash and Python to invoke the 'belt' CLI.
- [EXTERNAL_DOWNLOADS]: The skill provides links to external installation resources and documentation hosted by 'inference.sh'. These are standard requirements for the tools described in the skill.
Audit Metadata