workflow-automation
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process untrusted external data from repository files to classify workflows and generate automation code.
  - Ingestion points: Untrusted data enters the agent's context through files read from the repository (e.g., README, Makefiles, existing shell scripts) using the Read, Grep, and Glob tools.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when the agent processes these external files.
  - Capability inventory: The skill allows the use of the Bash and Write tools, which could be exploited if an attacker-controlled file successfully injects instructions that the agent then follows.
  - Sanitization: There are no instructions provided for sanitizing, escaping, or validating the content read from the repository files before it is used to generate new automation artifacts or execute commands.