feature-workflow-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists primarily of markdown templates for planning, design, and review processes, containing no executable code or malicious logic.
- [COMMAND_EXECUTION]: The skill contains standard development command snippets (git, npm) for branching, testing, and deployment (SKILL.md). These are intended for use by a developer and align with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill provides templates for feature specifications and user stories (SKILL.md, workflow-templates.md) which serve as ingestion points for external data. Capability inventory: Git and NPM command execution (SKILL.md). Boundary markers: Absent. Sanitization: Absent. This creates a surface for indirect prompt injection, though the risk is associated with the intended primary purpose of orchestrating development workflows.
Audit Metadata