autology-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses coercive language designed to bypass the agent's autonomy and decision-making capabilities.
- Evidence: The skill contains markers like "YOU DO NOT HAVE A CHOICE," "This is not negotiable," "You cannot rationalize your way out of this," and "Follow exactly. Do not adapt."
- Evidence: A "Red Flags" section specifically instructs the agent to suppress its own logical evaluations (e.g., overriding thoughts like "This commit was too small" or "I'm in the middle of something") to force the execution of the workflow.
- [PROMPT_INJECTION]: The workflow is vulnerable to indirect prompt injection through the ingestion of external project data.
- Ingestion points: The skill triggers on "commit, push, PR," or "decisions/conventions discovered" in the codebase.
- Boundary markers: No boundary markers or instructions to ignore embedded commands within the captured data are present.
- Capability inventory: The workflow triggers subsequent automated actions including
triage-knowledge,sync-knowledge, andcapture-knowledgetools. - Sanitization: There is no evidence of sanitization or validation of the data being triaged and captured into the project's documentation.
Audit Metadata