workflow-automation
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and analyzing untrusted data from repository files.
- Ingestion points: The skill is designed to inspect repository files (e.g., READMEs, scripts, configuration files) using
Read,Grep, andGlobtools as defined in Step 1 to understand the current workflow state. - Boundary markers: The instructions do not define clear delimiters or specific warnings to ignore instructions embedded within the processed repository files.
- Capability inventory: The skill has access to powerful tools including
Bash,Write, andReadacross the repository scope, allowing it to potentially act on instructions found in files. - Sanitization: There are no explicit steps to sanitize or filter out potential natural language instructions found in the analyzed files before the agent processes them.
Audit Metadata