issue-driven-workflow

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an autonomous loop (Planning -> Execution) where the agent is instructed to 'gather context' from external sources such as web searches and documentation. This represents an indirect prompt injection surface where malicious instructions in external data could be incorporated into the planning and subsequent execution phases.
  • Ingestion points: External data enters the context during the 'Planning' phase (SKILL.md) through web searches and file reads.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the scripts or prompts when handling external context.
  • Capability inventory: The skill allows the agent to execute shell commands, read/write files, and perform tests autonomously (SKILL.md and scripts/ directory).
  • Sanitization: The skill's scripts include minimal escaping for YAML frontmatter but lack sanitization for external content interpolated into the workflow state.
  • [COMMAND_EXECUTION]: The skill provides scripts to manage the workflow and instructs the agent to run them via the shell (e.g., scripts/create_plan.py, scripts/validate_issues_csv.py). Additionally, the autonomous execution phase encourages the agent to run tests and other commands defined in a CSV file, granting significant control over the local execution environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:18 PM
Security Audit — agent-trust-hub — issue-driven-workflow