workflow-automator

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill is composed entirely of markdown instructions and metadata, with no included executable scripts, binaries, or code files.
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection as it is instructed to ingest data from external project files that could contain malicious instructions.
      • Ingestion points: The workflow section instructs the agent to read project files including package.json, .github/workflows/, and Makefile.
      • Boundary markers: No boundary markers or "ignore embedded instructions" warnings are provided to the agent for processing these files.
      • Capability inventory: The skill can generate and suggest the execution of shell scripts, Git hooks (pre-commit, commit-msg), and CI/CD configurations.
      • Sanitization: There is no instruction to sanitize, validate, or escape the content ingested from the project files before processing.
  • [SAFE]: The skill follows security best practices by explicitly instructing that sensitive information such as keys and tokens must be handled via environment variables or secrets rather than being hardcoded.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 12:29 PM
Security Audit — agent-trust-hub — workflow-automator