agent-workflow-designer
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata contains deceptive maintainer information designed to mislead users.
- Evidence: The YAML frontmatter and overview section claim the skill is maintained by the 'Claude Skills Team', whereas the skill's actual author is identified as 'borghei'. This impersonation of an official vendor could lead users to trust the skill's safety or instructions more than is warranted.
- [PROMPT_INJECTION]: The orchestration patterns provided in the skill are vulnerable to indirect prompt injection attacks.
- Ingestion points: External data and user inputs (e.g., `state['topic']`, `tasks`, `request`, and `event['payload']['diff']`) are ingested and processed by the agent nodes defined in the LangGraph and custom orchestrator implementations (SKILL.md).
- Boundary markers: The prompt templates used across all five patterns (Sequential, Fan-Out, Hierarchical, etc.) lack delimiters or 'ignore' warnings to separate instructions from untrusted data, allowing an attacker to override the agent's logic through the input strings.
- Capability inventory: The code examples leverage the `anthropic` and `langchain-anthropic` libraries to execute network requests to AI models, which can be manipulated to perform unintended analysis or generation via injected instructions.
- Sanitization: There is no evidence of sanitization, validation, or escaping of inputs before they are interpolated into the f-string prompts (e.g., in the `research_stage`, `writing_stage`, and `plan` methods).
Audit Metadata