workflow-automation

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and analyzing untrusted data from repository files.
  • Ingestion points: The skill is designed to inspect repository files (e.g., READMEs, scripts, configuration files) using Read, Grep, and Glob tools as defined in Step 1 to understand the current workflow state.
  • Boundary markers: The instructions do not define clear delimiters or specific warnings to ignore instructions embedded within the processed repository files.
  • Capability inventory: The skill has access to powerful tools including Bash, Write, and Read across the repository scope, allowing it to potentially act on instructions found in files.
  • Sanitization: There are no explicit steps to sanitize or filter out potential natural language instructions found in the analyzed files before the agent processes them.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:07 AM
Security Audit — agent-trust-hub — workflow-automation