relay-80-100-workflow

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill promotes an "indirect prompt injection" surface through its test-fix-rerun pattern.
  • Ingestion points: Output from commands (e.g., {{steps.run-tests.output}}, {{steps.build-check.output}}) is interpolated into the task instructions for agents in files like SKILL.md.
  • Boundary markers: The provided templates do not utilize delimiters or specific instructions to isolate or ignore potentially malicious content within the command output.
  • Capability inventory: The agents (impl, tester) are granted capabilities to modify source code and execute shell commands in subsequent steps.
  • Sanitization: No sanitization or validation of the captured output is performed before it is presented to the agent.\n- [COMMAND_EXECUTION]: The workflow examples utilize several shell commands for development tasks, including npm, npx, git, grep, and cat.\n- [EXTERNAL_DOWNLOADS]: The skill includes instructions to download and install the @electric-sql/pglite package from the npm registry.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 06:13 PM
Security Audit — agent-trust-hub — relay-80-100-workflow