ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The automation templates demonstrate ingesting external data (e.g., search results in content_pipeline.sh or file content in data_processing.sh) and interpolating it into LLM prompts. This pattern is standard for automation, but it is a surface for indirect prompt injection if the ingested content comes from untrusted sources.
  - Ingestion points: content_pipeline.sh (research data), data_processing.sh (file content), conditional_workflow.sh (user input).
  - Boundary markers: None used in templates.
  - Capability inventory: Platform tools (belt), network requests (curl), file writes.
  - Sanitization: None demonstrated in examples.
- [COMMAND_EXECUTION]: The skill provides scripts that use bash and Python subprocess to orchestrate platform tools. This behavior is consistent with the stated purpose of building automation workflows.
- [EXTERNAL_DOWNLOADS]: Documents installation of the belt CLI and related skills from official vendor repositories on GitHub and NPM.