create-workflow

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions provide clear guidance for workflow design and project scaffolding. It does not contain any attempts to override safety filters, bypass constraints, or extract system prompts.
  • [COMMAND_EXECUTION]: The skill performs file system operations (reading/writing TypeScript and Markdown files) and utilizes local MCP tools for versioning and running workflows. These actions are within the scope of a code generation and developer productivity tool.
  • [DATA_EXFILTRATION]: File access is limited to the src/crayon/ project directory. There is no evidence of unauthorized sensitive file access or network operations intended to exfiltrate data. The mention of authentication via 'crayon cloud' refers to a tool-mediated process for local developer integration.
  • [EXTERNAL_DOWNLOADS]: The skill references standard libraries like 'runcrayon' and 'zod' as dependencies for generated code but does not download arbitrary scripts or execute remote code from untrusted sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 05:07 PM
Security Audit — agent-trust-hub — create-workflow