ao-workflow-runner

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The installation instructions guide the user to download supporting repositories (agency-agents-zh, agency-orchestrator) and an NPM package from the author's own infrastructure. These are expected dependencies for the workflow runner's functionality.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes YAML workflow definitions and Markdown role files.
  • Ingestion points: Reads local YAML files and Markdown definitions from agency-agents-zh directory.
  • Boundary markers: The skill does not explicitly specify boundary markers for untrusted content, but instructions require full embodiment of the role described in the files.
  • Capability inventory: The skill is restricted to prompt orchestration and local file output (ao-output/).
  • Sanitization: Content is used directly for variable substitution and persona definition.
  • [CREDENTIALS_UNSAFE]: The README provides a standard example for environment variable configuration using a placeholder (sk-xxx). This is a safe documentation practice and does not contain hardcoded secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 06:26 PM
Security Audit — agent-trust-hub — ao-workflow-runner