workflow-create
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash command block to perform a syntax check on generated JavaScript workflow files. It employs
node -eto read the script, wrap it in an asynchronous function block, and write it to a temporary location (/tmp/wf.mjs). It then usesnode --checkto verify the code's syntax without executing it. - [PROMPT_INJECTION]: Native workflows utilize an
agent()hook that accepts a prompt string, which constitutes an ingestion point for indirect prompt injection if external data is subsequently interpolated. - Ingestion points: The
promptargument within theagent()function in.claude/workflows/*.jsfiles. - Boundary markers: No specific delimiters or instructions to ignore embedded instructions are included in the workflow templates.
- Capability inventory: Workflow scripts can utilize all available agent tools, including file system access (
Read,Write,Edit) and shell execution (Bash). - Sanitization: The instructions do not define specific sanitization or escaping protocols for data passed into the agent hook.
- [SAFE]: All file operations and script generation are restricted to the local project environment (
.claude/workflows/) and are consistent with the skill's primary purpose of creating orchestration logic.
Audit Metadata