workflow-auto
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill accepts untrusted user input via the `$ARGUMENTS` variable and uses it to drive a sequence of automated tasks. By explicitly instructing the agent to proceed 'without intermediate approval', it creates a surface for indirect prompt injection where an attacker could influence the agent to perform unintended actions that are executed before a user reviews the output of the planning phase.
- [PROMPT_INJECTION]: Mandatory evidence chain for indirect injection surface:
  - Ingestion points: User-supplied `$ARGUMENTS` in `SKILL.md`.
  - Boundary markers: Absent; the skill does not use delimiters or instructions to disregard embedded prompts within the user input.
  - Capability inventory: Orchestrates multiple skills including `workflow-execute`, which typically involves file system modifications and code execution.
  - Sanitization: Absent; no validation or escaping of user-provided content is performed before processing.
Audit Metadata