workflow-prototype

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted external data.
  • Ingestion points: The agent reads existing design documents, the repository contents, and a workflow log, all of which may contain content from external sources.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when passing data to dispatched judges.
  • Capability inventory: The skill possesses the ability to write to the file system (logs and design docs) and dispatch judges that can modify code in the repository.
  • Sanitization: There is no evidence of sanitization or validation of the contents of the design docs or log files before they are used to generate prompts for sub-agents.
  • [COMMAND_EXECUTION]: The skill manages the lifecycle of sub-agents ("judges" and "workers") and instructs them to perform file modifications and implementation tasks based on the provided design documents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 08:57 AM
Security Audit — agent-trust-hub — workflow-prototype