workflow-review
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs strong instructional markers such as 'IMPORTANT MUST ATTENTION', '[BLOCKING]', and 'ZERO TOLERANCE'. These are used to enforce a complex workflow sequence and task creation requirements. While forceful, these patterns are assessed as legitimate workflow orchestration rather than attempts to bypass AI safety guardrails.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (user prompts and git diffs) while possessing capabilities to modify files and spawn sub-agents.
  - Ingestion points: User-provided context and code diffs are ingested via the `/workflow-start` and re-review protocols in `SKILL.md`.
  - Boundary markers: The skill lacks explicit boundary markers (such as unique delimiters) to isolate untrusted input from the agent's instructions.
  - Capability inventory: The skill manages file modifications through the `/cook` step and can spawn recursive sub-agents.
  - Sanitization: No specific sanitization or validation steps for the ingested code or user prompts are documented.
Audit Metadata