workflow-orchestration

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The orchestration logic in SKILL.md creates a surface for indirect prompt injection.
      • Ingestion points: Webhook triggers and input parameters entering the workflow context.
      • Boundary markers: The interpolate function performs direct string replacement without delimiters or security headers to distinguish data from instructions.
      • Capability inventory: The framework can execute LLM calls and MCP tools based on interpolated data, allowing malicious inputs to trigger actions.
      • Sanitization: The code lacks validation or escaping for external content before use in prompts or tool arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 07:04 PM