approval-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behaviors, obfuscation, or unauthorized operations were identified. No credentials, persistence mechanisms, or privilege escalation patterns were found.
- [PROMPT_INJECTION]: The skill processes markdown files to trigger actions, which is an inherent part of its human-in-the-loop function. This is categorized as a surface for indirect prompt injection.
  - Ingestion points: Markdown files in /Pending_Approval/ and /Approved/ folders (referenced in scripts/check_expired.py and examples.md).
  - Boundary markers: Uses standard YAML delimiters (---) to isolate action parameters.
  - Capability inventory: File system management (rename, write_text) and execution of actions defined in frontmatter (placeholders for email, payment, and social posts).
  - Sanitization: Employs yaml.safe_load() to prevent execution of arbitrary code within YAML frontmatter.
Audit Metadata