workflow-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation provides instructions for the agent to execute local shell and Python scripts, specifically `workflow_engine/hook_runner.sh` and `workflow_engine/runner.py`, to manage the state machine and automate development tasks.
- [EXTERNAL_DOWNLOADS]: The documentation identifies a requirement for `inotify-tools`, a well-known Linux utility used for monitoring file system events, which may need to be installed on the host system.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection, as it is designed to ingest and process untrusted data from an external file (`user_request.json`).
  - Ingestion points: User requirements are loaded from `user_request.json` and passed through five sequential agent steps, as described in `SKILL.md`.
  - Boundary markers: The documentation does not specify the use of delimiters or "ignore" instructions to separate user data from agent prompts.
  - Capability inventory: The skill has the capability to write files, generate code patches, and execute commands via its orchestration engine.
  - Sanitization: There is no mention of input validation or content filtering for the data ingested from the requirement files.
Audit Metadata