relay-80-100-workflow
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill promotes an "indirect prompt injection" surface through its test-fix-rerun pattern.
- Ingestion points: Output from commands (e.g.,
{{steps.run-tests.output}},{{steps.build-check.output}}) is interpolated into the task instructions for agents in files likeSKILL.md. - Boundary markers: The provided templates do not utilize delimiters or specific instructions to isolate or ignore potentially malicious content within the command output.
- Capability inventory: The agents (
impl,tester) are granted capabilities to modify source code and execute shell commands in subsequent steps. - Sanitization: No sanitization or validation of the captured output is performed before it is presented to the agent.\n- [COMMAND_EXECUTION]: The workflow examples utilize several shell commands for development tasks, including
npm,npx,git,grep, andcat.\n- [EXTERNAL_DOWNLOADS]: The skill includes instructions to download and install the@electric-sql/pglitepackage from the npm registry.
Audit Metadata