workflow-prototype
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted external data.
- Ingestion points: The agent reads existing design documents, the repository contents, and a workflow log, all of which may contain content from external sources.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when passing data to dispatched judges.
- Capability inventory: The skill possesses the ability to write to the file system (logs and design docs) and dispatch judges that can modify code in the repository.
- Sanitization: There is no evidence of sanitization or validation of the contents of the design docs or log files before they are used to generate prompts for sub-agents.
- [COMMAND_EXECUTION]: The skill manages the lifecycle of sub-agents ("judges" and "workers") and instructs them to perform file modifications and implementation tasks based on the provided design documents.
Audit Metadata