nav-workflow
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted user input is interpolated into shell commands.
- Ingestion points:
SKILL.md(Step 1 and Step 2) passing{USER_REQUEST}and{RECENT_CONTEXT}to local scripts. - Boundary markers: No delimiters or instructions are used to isolate user-provided text from the command structure.
- Capability inventory: The skill uses the
Bashtool to executefunctions/complexity_detector.pyandfunctions/skill_detector.py. - Sanitization: User-provided data is not validated or escaped before being used as command-line arguments.
- [COMMAND_EXECUTION]: The unit tests included with the skill (
functions/test_complexity_detector.py,functions/test_phase_indicator.py, andfunctions/test_skill_detector.py) usesubprocess.runto execute local Python scripts during the verification process.
Audit Metadata