nav-workflow

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted user input is interpolated into shell commands.
  • Ingestion points: SKILL.md (Step 1 and Step 2) passing {USER_REQUEST} and {RECENT_CONTEXT} to local scripts.
  • Boundary markers: No delimiters or instructions are used to isolate user-provided text from the command structure.
  • Capability inventory: The skill uses the Bash tool to execute functions/complexity_detector.py and functions/skill_detector.py.
  • Sanitization: User-provided data is not validated or escaped before being used as command-line arguments.
  • [COMMAND_EXECUTION]: The unit tests included with the skill (functions/test_complexity_detector.py, functions/test_phase_indicator.py, and functions/test_skill_detector.py) use subprocess.run to execute local Python scripts during the verification process.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:43 AM
Security Audit — agent-trust-hub — nav-workflow