Skills
skills/agentworkforce/skills/writing-agent-relay-workflows/Gen Agent Trust Hub

writing-agent-relay-workflows

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documents and encourages the use of {{steps.NAME.output}} for chaining data between agents. This creates an indirect prompt injection surface where untrusted data processed by an upstream agent can be interpolated into the instructions of a downstream agent.
  • Ingestion points: Interpolation of {{steps.plan.output}} and {{steps.read-types.output}} in SKILL.md.
  • Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the provided templates.
  • Capability inventory: The workflow system supports execution of arbitrary shell commands and agent-led file modifications.
  • Sanitization: The documentation does not specify sanitization, escaping, or validation requirements for interpolated content.
  • [COMMAND_EXECUTION]: The skill defines 'deterministic' steps that allow for the execution of arbitrary shell commands within the workflow environment.
  • Evidence: Documentation in SKILL.md shows examples using git, test, cat, and shell loops for file verification and commits.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 07:39 PM