ao-workflow-runner
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions guide the user to download supporting repositories (agency-agents-zh, agency-orchestrator) and an NPM package from the author's own infrastructure. These are expected dependencies for the workflow runner's functionality.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes YAML workflow definitions and Markdown role files.
- Ingestion points: Reads local YAML files and Markdown definitions from agency-agents-zh directory.
- Boundary markers: The skill does not explicitly specify boundary markers for untrusted content, but instructions require full embodiment of the role described in the files.
- Capability inventory: The skill is restricted to prompt orchestration and local file output (ao-output/).
- Sanitization: Content is used directly for variable substitution and persona definition.
- [CREDENTIALS_UNSAFE]: The README provides a standard example for environment variable configuration using a placeholder (sk-xxx). This is a safe documentation practice and does not contain hardcoded secrets.
Audit Metadata