Skills
skills/outfitter-dev/outfitter/skills-workflows/Gen Agent Trust Hub

skills-workflows

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents and promotes a specialized preprocessing syntax (!command) that executes shell commands and injects their output into the prompt before it reaches the model. Examples include system utilities like git, gh, psql, node, and jq, providing a mechanism for arbitrary command execution within the agent's environment.
  • [PROMPT_INJECTION]: The workflow design is susceptible to indirect prompt injection because it incorporates data from potentially untrusted external sources.
  • Ingestion points: Data enters the context via shell command outputs (e.g., commit messages, PR reviews, log files) and file reads from artifacts/*.md.
  • Boundary markers: The templates use Markdown headers for structure but lack explicit security delimiters or 'ignore embedded instructions' warnings for external content.
  • Capability inventory: The system allows extensive capabilities including Bash execution and file system manipulation (Write, Edit, Read).
  • Sanitization: No sanitization, validation, or escaping of the injected data is implemented in the patterns described.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 07:20 AM
Security Audit — agent-trust-hub — skills-workflows