workflow
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/workflow_runner.pyscript executes builder, flasher, and debugger scripts associated with various development environments. Analysis confirms that these subprocesses are invoked using argument lists rather than shell strings, which is a secure implementation that prevents shell injection attacks. - [EXTERNAL_DOWNLOADS]: The skill references other skill modules (e.g.,
build-keil,flash-openocd) located within the same local directory structure. It does not perform any remote code downloads or execution from external servers. - [DATA_EXFILTRATION]: The skill operates on local project directories and handles firmware artifact paths. There are no network operations or patterns indicating the unauthorized transmission of data to external domains.
- [PROMPT_INJECTION]: The
SKILL.mdfile contains instructional content for the agent to manage workflows. It does not contain any hidden commands, behavioral overrides, or attempts to bypass the agent's safety constraints.
Audit Metadata