aiworkflow-requirements
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious instructions, obfuscated patterns, or data exfiltration vectors were identified across the 162 files analyzed.
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to perform maintenance tasks such as indexing documentation and searching specifications (e.g.,node scripts/generate-index.js). The use of shell commands is inherent to the skill's purpose as a requirements manager and is limited to local script execution. - [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill reads and processes local documentation files from the
references/directory. However, this is the intended core functionality, and no markers of adversarial intent were found. - [CREDENTIALS_UNSAFE]: While the documentation files discuss sensitive environmental variables (e.g.,
ANTHROPIC_API_KEY,TURSO_AUTH_TOKEN), all instances are placeholders or format descriptions for developer guidance and do not contain actual secrets.
Audit Metadata