workflow-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk capability to read untrusted local files and write executable configuration files.
  - Ingestion points: The skill uses `ProjectDetector(Path.cwd())` in SKILL.md to scan the local file system.
  - Boundary markers: Absent; there are no instructions to the agent to ignore instructions or malicious patterns found within the project files.
  - Capability inventory: The skill uses the `Write` and `Bash` tools to modify files in `.github/workflows/`, which are high-privilege files executed by GitHub Actions runners.
  - Sanitization: Absent; the skill uses `engine.render_file` to generate output from templates without explicit sanitization of the project-derived metadata.
- [Unverifiable Dependencies] (MEDIUM): The Python implementation relies on a non-standard `project_detector` library and references undefined external commands like `/attune:upgrade-project` and `/pensive:shell-review`.
- [Dynamic Execution] (MEDIUM): The skill dynamically generates executable YAML workflows at runtime using a template engine (`engine.render_file`).
Recommendations
- AI detected serious security threats
Audit Metadata