workflow-multi-cli-plan

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute vendor-specific commands (ccw cli, ccw spec), manage the file system, and read configuration schemas from the local environment.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it reads content from arbitrary files, semantic search outputs, and CLI results, which are then incorporated into prompts for further AI processing.
      • Ingestion points: Processes data from Read(filePath), mcp__ace-tool__search_context, and synthesis.json files.
      • Boundary markers: Uses standard Markdown headers to delineate injected data but lacks strict boundary enforcement or instruction-bypass protection.
      • Capability inventory: The workflow has access to Bash (command execution), Agent (sub-agent spawning), and file system modification tools (Write, Edit).
      • Sanitization: Content is interpolated into templates without specialized sanitization or validation of the input data.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external AI services (including Gemini, Codex, and Claude) via the ccw cli tool to perform analysis and task execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 12:27 AM