workflow-coordinator
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's documentation and reference files (e.g., SKILL.md, references/handoff-validation.md) provide shell commands for generating trace identifiers and performing data validation using python3 -c one-liners.
- [PROMPT_INJECTION]: The skill facilitates the processing of data from external workflows, creating a surface for indirect prompt injection.
- Ingestion points: Natural language data is ingested through schema fields such as handoff.context.summary, handoff.context.original_prompt, and handoff.payload.working as described in references/universal-handoff-schema-v3.0.json.
- Boundary markers: The instructions for receiving agents in SKILL.md do not include explicit delimiters or safety instructions to treat ingested strings as non-executable data.
- Capability inventory: The skill is capable of local file system interaction (reading and writing to session and log files) and executing shell commands for validation purposes.
- Sanitization: There is no evidence of sanitization or escaping logic applied to the natural language fields before they are presented to the agent's context.
Audit Metadata