workflow-build
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a high-level orchestrator for development tasks, focusing on process management and logging. It does not perform unauthorized network operations, access sensitive credentials, or execute unverified remote code.
- [INDIRECT_PROMPT_INJECTION]: The skill implements a workflow that processes user-supplied tasks and passes them to subagents, which represents a standard indirect injection attack surface for agentic workflows.
- Ingestion points: User-provided task descriptions and review findings are incorporated into prompts in SKILL.md.
- Boundary markers: The skill does not use explicit boundary markers or delimiters to separate untrusted user input from the agent's system instructions.
- Capability inventory: The workflow involves file system modifications (via the log skill and implementation workers) and the execution of project-relevant verification checks.
- Sanitization: There is no explicit input validation or sanitization of the task data before it is dispatched to the judge agents.
Audit Metadata