workflow-coordinator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill establishes a protocol for processing handoff payloads, which are untrusted data inputs from other workflows.
- Ingestion points:
handoff-payloadJSON files read from session paths. - Boundary markers: Mandatory JSON Schema (Draft 2020-12) validation is specified to delimit data.
- Capability inventory: Scripts for validation using
python3,wc, andawk; file system access for logging handoff events and writing JSON files. - Sanitization: Instructions recommend the use of
yaml.safe_loadandjsonschema.validateto ensure data integrity and prevent exploit payloads. - [Command Execution] (SAFE): The skill provides benign Python and shell one-liners for administrative tasks like UUID generation, token estimation, and schema validation. These commands use standard libraries and safe loading practices (e.g.,
yaml.safe_load).
Audit Metadata