skill-chain-prompts
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements an orchestration layer that processes YAML-based workflow definitions, which introduces a potential indirect prompt injection surface.\n
- Ingestion points: Workflow definitions provided in
assets/chains/and custom YAML blocks input by users.\n - Boundary markers: There are no explicit delimiters or specific instructions to isolate and ignore embedded commands within the workflow steps.\n
- Capability inventory: The skill is designed to invoke multiple other system skills (e.g.,
/api-design-patterns,/deployment-cicd) sequentially.\n - Sanitization: No input validation or filtering of YAML fields such as
skillorargsis implemented.\n- [NO_CODE]: The skill consists solely of markdown and YAML configuration files. It does not distribute any executable scripts or binary files.
Audit Metadata