skills/tstelzer/skills/workflow-build/Gen Agent Trust Hub

workflow-build

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates as a high-level orchestrator for development tasks, focusing on process management and logging. It does not perform unauthorized network operations, access sensitive credentials, or execute unverified remote code.
  • [INDIRECT_PROMPT_INJECTION]: The skill implements a workflow that processes user-supplied tasks and passes them to subagents, which represents a standard indirect injection attack surface for agentic workflows.
  • Ingestion points: User-provided task descriptions and review findings are incorporated into prompts in SKILL.md.
  • Boundary markers: The skill does not use explicit boundary markers or delimiters to separate untrusted user input from the agent's system instructions.
  • Capability inventory: The workflow involves file system modifications (via the log skill and implementation workers) and the execution of project-relevant verification checks.
  • Sanitization: There is no explicit input validation or sanitization of the task data before it is dispatched to the judge agents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:16 PM
Security Audit — agent-trust-hub — workflow-build