dynamic-workflows
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the platform's capability to generate and execute JavaScript orchestration scripts. This is presented as a legitimate feature of the Claude Code CLI.
- [EXTERNAL_DOWNLOADS]: Contains a link to official documentation at code.claude.com. This is the verified domain for the tool and is considered a trusted source.
- [SAFE]: The skill includes explicit security warnings regarding the acceptEdits mode, where sub-agents automatically approve file modifications. It also provides instructions on how to disable the workflow feature entirely using environment variables or configuration files for safety.
- [DATA_EXFILTRATION]: Describes standard persistence behavior for the tool, specifically saving approved workflow scripts to .claude/workflows/ or the user's home directory. This is standard configuration management for the platform.
- [PROMPT_INJECTION]: The skill includes patterns for 'Adversarial verification' to mitigate the risk of malicious or incorrect inputs by having sub-agents refute findings and only keep confirmed items.
Audit Metadata