workflow-deployment
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design, as it accepts a user's prompt as the primary context for a complex deployment workflow.
- Ingestion points: Untrusted user data enters the agent context via the user's prompt passed to the `/workflow-start deployment` command in `SKILL.md`.
- Boundary markers: The skill does not define any delimiters or explicit "ignore embedded instructions" warnings to prevent the agent from following instructions hidden within the user context.
- Capability inventory: The workflow triggers highly capable tools including `/code` (code generation), `/test` (execution), and `/sre-review` (infrastructure modification), which could be manipulated by a malicious prompt.
- Sanitization: There is no evidence of input validation, escaping, or filtering of the external content before it is processed by the downstream workflow commands.
Audit Metadata