workflow-greenfield
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a wrapper that passes user-provided input directly into a multi-step automated workflow engine.
- Ingestion points: The user's prompt is ingested as the full context for the
/workflow-startcommand inSKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between the user's data and the workflow instructions, increasing the risk of indirect prompt injection.
- Capability inventory: The resulting workflow has access to powerful capabilities including web research (
/web-research,/deep-research), code generation and file system modifications (/scaffold,/cook), and test execution (/test,/integration-test). - Sanitization: No sanitization, validation, or escaping of the user context is performed before it is passed to the workflow sequence.
Audit Metadata