asc-workflow
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill describes the orchestration and execution of shell commands through the
asc workflow runcommand. These commands are defined in a repository-local configuration file (.asc/workflow.json) and are executed usingbash -o pipefail -corsh -cas specified in the 'Shell behavior' section. - [PROMPT_INJECTION]: The skill defines a system that reads and executes logic from repository-local files, which presents a surface for indirect prompt injection. If an agent processes a repository containing a malicious
.asc/workflow.jsonfile, it could be induced to execute arbitrary shell commands. - Ingestion points: The agent is instructed to read workflow definitions from
.asc/workflow.jsonin the active repository. - Boundary markers: The provided instructions do not include specific delimiters or boundary markers to differentiate the JSON-defined command strings from the agent's internal logic.
- Capability inventory: The skill facilitates arbitrary shell execution via the
asctool's workflow runner, which can call both built-inasccommands and generic shell commands. - Sanitization: The skill documents a
--dry-runcapability which allows for the inspection of commands instderrbefore actual execution takes place.
Audit Metadata