workflow-revision

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from review findings and uses it to drive high-privilege actions like source code modification and sub-agent orchestration.
  • Ingestion points: Untrusted data enters via the $ARGUMENTS parameter in SKILL.md or is read from the .workflow/state.json file (specifically stages.review.artifacts.findings).
  • Boundary markers: The instructions lack delimiters or specific directives to ignore potentially malicious instructions embedded within the findings data.
  • Capability inventory: The skill possesses the capability to modify arbitrary project files (Step 2/Step 3) and dispatch sub-agents to perform tasks based on the findings content.
  • Sanitization: There is no evidence of validation, escaping, or filtering of the input findings before they are used to determine file-system modifications or sub-agent instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 08:12 AM
Security Audit — agent-trust-hub — workflow-revision