mockzilla-workflow-architect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill architecture is vulnerable to indirect prompt injection because it interpolates untrusted data from API requests into its logic and state transitions without sanitization.
  - Ingestion points: the input.body, input.headers, and input.query fields are accessed in SKILL.md and resources/logic-operators.md.
  - Boundary markers: Absent; there are no instructions to use delimiters or to ignore instructions embedded in the API input data.
  - Capability inventory: The skill uses state.set, db.push, db.update, and the test_workflow tool (referenced in SKILL.md).
  - Sanitization: Absent; no logic is provided to escape or validate external content before interpolation.
- [Data Exposure & Exfiltration] (SAFE): No sensitive host files or environment variables are accessed. Data operations (db.* and state.*) are confined to the internal Mockzilla simulation context.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not perform external package installations or remote script execution. All functionality is based on internal template logic and Mockzilla tools.
Audit Metadata