workflow-producer
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it sequentially reads content from files in the articles/ directory (generated in previous stages) and uses that content to formulate prompts for subsequent sub-agent tasks. Malicious instructions placed in earlier drafts or research notes could influence the orchestrator's behavior in later stages.
  - Ingestion points: Project-specific Markdown files stored in the articles/[project_name]/ directory throughout the 12-stage workflow.
  - Boundary markers: No clear delimiters or safety instructions (e.g., "ignore embedded commands") are used to separate ingested file data from agent instructions.
  - Capability inventory: The skill has the capability to read and write files within the local workspace and invoke 12 distinct sub-agents using provided Agent tools.
  - Sanitization: No sanitization or validation logic is present for the data read from the local file system before it is interpolated into prompts for agents like writing-executor or editor-review.
Audit Metadata