duyetbot-workflow
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by instructing the agent to 'inspect' the repository and rely on external 'knowledge files' to resolve ambiguity and perform orchestration. This creates an attack surface where malicious data within the repository or knowledge files could override agent instructions.
- Ingestion points: Repository content (via 'inspect' commands) and referenced 'knowledge files' mentioned in SKILL.md.
- Boundary markers: Absent; there are no instructions to delimit external content or ignore embedded commands within retrieved data.
- Capability inventory: The skill describes capabilities for orchestration, spawning agents, and task execution ('act', 'orchestrate', 'spawn').
- Sanitization: Absent; no escaping or validation steps are provided for the information gathered from external sources.
Audit Metadata