workflow-batch-operation
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses strong imperative language ("You MUST", "Do NOT skip") to ensure the agent follows the complex workflow sequence. While benign in this context, these patterns are often used in prompt injection to override agent constraints.
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection as the user's prompt is passed as context to a workflow containing high-capability steps.
  - Ingestion points: The user's prompt is directly interpolated into the /workflow-start command as context.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill.
  - Capability inventory: The triggered workflow includes steps for code generation (/code), test specification (/tdd-spec), and execution (/test), which imply file-system access and command execution capabilities.
  - Sanitization: There is no evidence of input validation or sanitization before the data is processed by the workflow steps.
Audit Metadata