workflow
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Prompt Instruction Override: The skill uses directives such as "CRITICAL" and tells the agent its "knowledge of workflow is outdated." These patterns are designed to override the agent's internal training data in favor of the instructions provided in the skill, which is a common technique for instruction pinning but also a form of prompt injection.
- Indirect Prompt Injection Surface: The skill instructs the agent to perform searches (`glob`, `grep`) within the `node_modules/workflow/docs/` directory. This creates a surface where the agent could ingest instructions embedded in external documentation files.
  - Ingestion points: Markdown files located in `node_modules/workflow/docs/` and associated package directories.
  - Boundary markers: Absent (There are no specific instructions or delimiters to tell the agent to treat the discovered documentation as non-executable data).
  - Capability inventory: The skill utilizes `glob` for file discovery, `grep` for content searching, and various `npx workflow` commands for system interaction.
  - Sanitization: Absent (The agent is directed to read and follow the content of the documentation files without validation or sanitization steps).
- Command Execution via NPX: The debugging section lists several `npx workflow` commands. While these are intended for legitimate diagnostic purposes, using `npx` involves executing packages that may involve remote retrieval if not already present in the local cache.
Audit Metadata