agentic-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The workflow design involves agents reading output files generated by previous stages (e.g., from .claude/cache/agents/). This creates a surface for indirect prompt injection where adversarial content in an intermediate file could influence the behavior of downstream agents.\n
- Ingestion points: Data is read from files in the .claude/cache/agents/ directory.\n
- Boundary markers: The prompt templates do not explicitly include delimiters or instructions for the agent to ignore embedded commands within ingested data.\n
- Capability inventory: Sub-agents have access to tools like RP-CLI and Task, and the implementation agent is tasked with executing code.\n
- Sanitization: No sanitization of the intermediate files is specified before they are read by downstream agents.\n- [COMMAND_EXECUTION]: The workflow instructions facilitate the execution of code and system utilities.\n
- The implementation agent follows a Test-Driven Development (TDD) approach, which includes writing and running test code.\n
- Monitoring instructions provided in the skill use standard shell commands (find, wc) to check activity in the local filesystem.
Audit Metadata