workflow-skill-designer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it generates executable instructions from external sources. \n
- Ingestion points: Natural language descriptions and local
.claude/commandsfiles processed inphases/01-requirements-analysis.md. \n - Boundary markers: Does not utilize specific safety delimiters to wrap ingested content in the final output beyond markdown blocks. \n
- Capability inventory: Employs
Write,Bash,Edit, andAgentacross all generation phases to create and organize the output skill package. \n - Sanitization: Includes a
sanitizePhaseContentfunction inphases/03-phase-design.mdthat filters out command-specific patterns before file generation. \n- [COMMAND_EXECUTION]: The skill utilizes shell commands specifically for local file system operations, such as creating directories for new skill packages (mkdir -p), which is appropriate for its stated purpose. \n- [SAFE]: No indicators of malware, credential theft, obfuscation, or unauthorized network activity were identified. The skill's operations are consistent with its purpose as a meta-development tool.
Audit Metadata