workflow-orchestration

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill defines a surface for ingesting untrusted data from external workflow files.
      • Ingestion points: Task definitions are read from XML sections within ITEM-XXX.md files.
      • Boundary markers: The protocol uses explicit XML tags (e.g., , ) and Markdown headers to separate data from instructions.
      • Capability inventory: Executor agents are authorized to run shell commands (e.g., npm test) and modify files based on these task definitions.
      • Sanitization: No explicit sanitization logic for the XML-embedded commands is provided in the skill documentation.
  • [COMMAND_EXECUTION] (SAFE): The skill facilitates command execution as a core feature of the 'Executor' agent role. These capabilities are intended and follow a structured protocol designed for oversight and verification.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM