ios-workflow-to-playwright
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data to influence automated code generation.
  - Ingestion points: The skill reads user-controlled workflow definitions, including descriptions and steps, from the /workflows/ios-workflows.md file in Phase 1.
  - Boundary markers: There are no explicit boundary markers or instructions provided to the agent to treat the workflow content as data only or to ignore instructions embedded within the markdown.
  - Capability inventory: The skill possesses the capability to write executable files to the filesystem (e2e/ios-mobile-workflows.spec.ts) and uses sub-agents for selector discovery and code generation (Phase 3 and Phase 6).
  - Sanitization: The skill does not perform sanitization, escaping, or validation on the input markdown content before interpolating it into prompts for the sub-agents.
Audit Metadata