workflow-skill-creator
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill acts as a development framework for creating other skills. It follows security best practices by requiring manual human-in-the-loop approval for designs, documenting rate limits, and utilizing a provided CLI script template that avoids third-party dependencies by using the Python standard library.
- [COMMAND_EXECUTION]: In Phases 3 and 4, the skill instructions guide the agent to generate Python scripts and execute them using uv run. This is the intended core functionality of a skill-creation utility and is performed within the local environment to validate the generated code.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8) because it processes untrusted user workflow data to generate new instructions. This risk is mitigated by a mandatory multi-round brainstorming phase (Phase 1) that requires the agent to interpret, summarize, and confirm patterns with the user, rather than blindly interpolating raw data into the resulting skill.
Audit Metadata