agentic-workflow-guide

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references official documentation and guidelines from well-known and trusted organizations including GitHub, Anthropic, and Microsoft (VS Code).
  • [COMMAND_EXECUTION]: Includes a Python script scripts/scaffold_workflow.py designed to automate the creation of project directory structures. The script uses standard libraries for file system operations and does not perform network activity or unsafe dynamic execution.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets were found. The skill includes dedicated security guidelines (security.instructions.md) that explicitly teach users how to avoid hardcoding credentials and how to use environment variables and secret management tools.
  • [PROMPT_INJECTION]: Instructions use strong language like "MANDATORY" or "MUST" solely to enforce architectural patterns (such as ensuring an orchestrator delegates tasks to sub-agents). No attempts to bypass AI safety filters or override system constraints were detected.
  • [INDIRECT_PROMPT_INJECTION]: Because the skill is designed to read and analyze workspace files (like .agent.md or .instructions.md) to provide reviews or generate scaffolding, it possesses an inherent surface for indirect prompt injection if those processed files contain malicious instructions. This is a common characteristic of development-centric agents and is noted as a low-level risk factor.
  • [DATA_EXFILTRATION]: No patterns related to unauthorized data access or external transmission of sensitive information were identified.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:41 PM
Security Audit — agent-trust-hub — agentic-workflow-guide