workflow-validate
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows standard technical validation principles and Agile Spike methodology.
- [COMMAND_EXECUTION]: The skill includes instructions to perform validation methods such as "Prototype implementation", "UI/UX verification (Playwright MCP)", and "TDD approach". These actions involve creating and running code within the local environment to verify technical assumptions, which is the primary purpose of the skill.
- [DATA_EXFILTRATION]: The skill ingests data from a local file (
docs/work/{name}/analysis.md) to determine the validation approach. While this represents a data ingestion surface, the access is restricted to the local project structure and does not involve sending data to external or untrusted sources. - Ingestion points: Reads
docs/work/{name}/analysis.md(SKILL.md). - Boundary markers: None explicitly defined for file content.
- Capability inventory: Capability to modify project files, create files in
__prototype__/, and execute shell commands/tests (SKILL.md). - Sanitization: None specified for the content of the analysis document.
Audit Metadata