fabro-create-workflow

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the creation of shell command nodes (parallelogram shape), allowing for arbitrary command execution within the generated workflow.
  • [COMMAND_EXECUTION]: An example workflow in references/example-workflows.md includes the use of sudo to modify system directories (/usr/local/bin), which constitutes privilege escalation.
  • [EXTERNAL_DOWNLOADS]: The skill provides examples that download the Rust toolchain installer from the well-known service https://sh.rustup.rs during workflow setup.
  • [REMOTE_CODE_EXECUTION]: Example 9 in references/example-workflows.md demonstrates a curl | sh pattern, which executes a remote script directly in the shell.
  • [DATA_EXFILTRATION]: The TOML configuration reference in references/run-configuration.md supports HTTP-based lifecycle hooks, which could be used to transmit internal workflow data to external servers.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it transforms untrusted natural language requirements into executable instructions. * Ingestion points: User-provided requirements during the workflow design process in SKILL.md Step 2. * Boundary markers: None implemented to distinguish user-provided content from the skill's internal logic. * Capability inventory: Generated workflows can execute shell commands and utilize agents with access to file system and network tools as defined in references/dot-language.md. * Sanitization: No input validation or sanitization is performed on user requirements before they are embedded into generated workflow prompts or scripts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 05:45 AM
Security Audit — agent-trust-hub — fabro-create-workflow