workflow-hotfix
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection where untrusted user input is utilized as context for a privileged hotfix workflow.
  - Ingestion points: User's prompt enters the agent context via the /workflow-start command in SKILL.md.
  - Boundary markers: There are no markers or delimiters defined to isolate the user input from the skill's operational instructions.
  - Capability inventory: The sequence of commands triggered includes /fix and /test, which imply file system writes and code execution capabilities.
  - Sanitization: No input sanitization or validation mechanisms are implemented to prevent malicious instructions within the user prompt from influencing the workflow.
Audit Metadata