skills/hubvue/skills/skills-workflow/Gen Agent Trust Hub

skills-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a pipeline where the output of one step becomes the input for the next, creating a surface for indirect prompt injection.
      • Ingestion points: Step outputs enter the agent context in Section 3 (Execution).
      • Boundary markers: Not explicitly enforced; relies on user-provided templates.
      • Capability inventory: The skill invokes arbitrary external 'Skills'.
      • Sanitization: The skill includes explicit instructions in Section 5 to treat outputs as untrusted and ignore any embedded commands meant to override system rules.
  • [DATA_EXFILTRATION]: The skill manages potentially sensitive data as it moves through the pipeline. It includes safety guardrails to detect and redact secrets (API keys, tokens) before they are logged in the execution trace.
  • [COMMAND_EXECUTION]: The skill facilitates the invocation of external modules. It mitigates risk through an 'Interactive Setup' phase and a 'Pipeline Plan' output that ensures user visibility and confirmation before execution begins.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 07:23 AM