ISA
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a background shell command (
curl) to a local notification service athttp://localhost:31337/notifywhenever a workflow is invoked. This appears to be a local instrumentation for the user's environment. - [PROMPT_INJECTION]: The
Seedworkflow (Workflows/Seed.md) identifies an attack surface for indirect prompt injection. The skill ingests content from external sources to bootstrap project documentation. - Ingestion points:
Workflows/Seed.mdreads untrusted data from local repository files, includingREADME.md,package.json,tsconfig.json,wrangler.toml,vite.config.*, and git commit history. - Boundary markers: The workflow does not explicitly instruct the agent to use delimiters or 'ignore' instructions when processing the content of these files.
- Capability inventory: The skill has the capability to write and edit files in the workspace and execute shell commands (
curl,git,wc). - Sanitization: There are no instructions provided for sanitizing or validating the ingested file content before it is incorporated into the new ISA artifact.
Audit Metadata