dynamic-workflows

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the platform's capability to generate and execute JavaScript orchestration scripts. This is presented as a legitimate feature of the Claude Code CLI.
  • [EXTERNAL_DOWNLOADS]: Contains a link to official documentation at code.claude.com. This is the verified domain for the tool and is considered a trusted source.
  • [SAFE]: The skill includes explicit security warnings regarding the acceptEdits mode, where sub-agents automatically approve file modifications. It also provides instructions on how to disable the workflow feature entirely using environment variables or configuration files for safety.
  • [DATA_EXFILTRATION]: Describes standard persistence behavior for the tool, specifically saving approved workflow scripts to .claude/workflows/ or the user's home directory. This is standard configuration management for the platform.
  • [PROMPT_INJECTION]: The skill includes patterns for 'Adversarial verification' to mitigate the risk of malicious or incorrect inputs by having sub-agents refute findings and only keep confirmed items.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 07:16 AM
Security Audit — agent-trust-hub — dynamic-workflows