agentflow-managed-workflows

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists of documentation, reference guides, and YAML templates for the 'Agentflow' workflow system. No malicious instructions, hidden commands, or unauthorized data access patterns were detected.
  • [COMMAND_EXECUTION]: The execute_spec workflow template includes a validation.commands field (referenced in references/workflows.md) for running local tests and verification steps during software implementation. This is a standard functional feature of the platform.
  • [DATA_EXFILTRATION]: The workflow contracts use a context_policy (described in references/workflows.md) to explicitly define and restrict the agent's access to repository files and web domains, facilitating a policy-based data access model.
  • [PROMPT_INJECTION]: The skill defines workflows that ingest external data, creating a surface for indirect prompt injection.
    1. Ingestion points: Data enters via context_policy (web, files, apps) in deep_research and spec_design, spec_source in execute_spec, and review_source in review_change (documented in references/workflows.md).
    2. Boundary markers: The templates do not explicitly mandate specific delimiters or instructions to ignore embedded prompts in ingested data.
    3. Capability inventory: The platform supports local command execution via validation.commands and the agentflow CLI (referenced in SKILL.md).
    4. Sanitization: No specific sanitization or filtering logic for external content is defined within the provided workflow contracts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 03:22 PM