ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines automation templates that are susceptible to indirect prompt injection by interpolating untrusted data sources directly into prompts.
  - Ingestion points: External data is ingested through variables like $INPUT_TEXT in the conditional_workflow.sh example and file contents via $(cat $file) in the data_processing.sh template.
  - Boundary markers: No delimiters or defensive instructions are used to separate user data from the system prompt within the templates.
  - Capability inventory: The scripts utilize the infsh tool to execute model inference based on these prompts across various providers.
  - Sanitization: The templates lack input validation or sanitization before data is passed to the AI models.
- [COMMAND_EXECUTION]: The skill contains multiple script templates (Bash and Python) designed to execute shell commands. While the skill's execution environment is restricted to the infsh command via the allowed-tools frontmatter, the provided examples demonstrate broader use of local file system and network operations.