create-workflow
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions provide clear guidance for workflow design and project scaffolding. It does not contain any attempts to override safety filters, bypass constraints, or extract system prompts.
- [COMMAND_EXECUTION]: The skill performs file system operations (reading/writing TypeScript and Markdown files) and utilizes local MCP tools for versioning and running workflows. These actions are within the scope of a code generation and developer productivity tool.
- [DATA_EXFILTRATION]: File access is limited to the
src/crayon/project directory. There is no evidence of unauthorized sensitive file access or network operations intended to exfiltrate data. The mention of authentication via 'crayon cloud' refers to a tool-mediated process for local developer integration. - [EXTERNAL_DOWNLOADS]: The skill references standard libraries like 'runcrayon' and 'zod' as dependencies for generated code but does not download arbitrary scripts or execute remote code from untrusted sources.
Audit Metadata