asc-workflow
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute arbitrary shell commands defined under the `run` and hook keys (`before_all`, `after_all`, `error`) in the `.asc/workflow.json` configuration file.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it executes instructions (shell commands) provided in a local file that an attacker could potentially modify in a compromised or malicious repository.
  - Ingestion points: The agent reads and processes automation logic from `.asc/workflow.json` and CLI parameters.
  - Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between trusted instructions and potentially untrusted data within the JSON configuration.
  - Capability inventory: The skill allows for arbitrary shell command execution, environment variable interpolation, and sub-workflow orchestration.
  - Sanitization: No specific sanitization or escaping mechanisms are mentioned for parameters interpolated into shell commands via `$VAR` syntax.
Audit Metadata