workflow-rig
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands and file system operations within a Kubernetes environment through the joelclaw CLI handlers.
  - Evidence: The 'shell' and 'infer' handlers are documented to support bash execution, file editing, and git operations (clone, commit, push) as part of the workload execution process.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its architecture of ingesting external data to drive agent behavior.
  - Ingestion points: Untrusted data enters the agent context through user-provided intent strings in planning commands and through external stage definitions provided via the '--stages-from' argument.
  - Boundary markers: The skill documentation does not mention the use of specific delimiters or markers to separate instructions from data.
  - Capability inventory: The system has broad capabilities, including git repository access, file system modification, and shell command execution.
  - Sanitization: There is no description of sanitization or validation of input content before it is processed by the agentic 'infer' or 'shell' handlers.
Audit Metadata