autonomous-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a wide range of shell commands including Git operations, package manager commands (npm, pnpm, yarn), GitHub CLI (gh), and the 'gw' CLI tool. These commands are essential for its primary purpose of managing isolated development environments and automating the PR process.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@gw-tools/gw' npm package and fetches its own updates from the author's official GitHub repository. These sources are consistent with the skill's authorship and represent expected vendor resources.
- [DATA_EXFILTRATION]: The workflow includes a 'gw sync' command designed to copy sensitive environment files (such as .env or secrets/) between local worktrees. While this involves handling credentials, the operation is local to the user's filesystem and intended to maintain environment parity during development.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted content from the codebase using tools like Grep and Read. This data is then used to inform the implementation plan and PR descriptions. While no specific mitigations like boundary markers are explicitly defined in the instructions, this is a standard risk for development-oriented agents.
Audit Metadata