workflow-state
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Employs a dedicated MCP server (
exarchos) for state persistence, which centralizes workflow data management and avoids the security risks associated with agents manually parsing or modifying local JSON files. - [SAFE]: Implements a 'Circuit Breaker' pattern within compound states (e.g., Feature, Debug workflows) to prevent automated agents from entering infinite loops during repetitive review-fix cycles.
- [SAFE]: Instructions correctly advise against accessing legacy file paths (e.g.,
~/.claude/workflow-state/), promoting more secure and synchronized tool-based access patterns. - [SAFE]: External references to companions and installation commands (e.g.,
create-exarchos) are consistent with the skill's functional scope and originate from the author's own ecosystem without suspicious patterns.
Audit Metadata