workflow-design-dev-handoff
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes imperative markers like 'IMPORTANT' and 'You MUST' to enforce a specific command execution order. While intended for workflow structure, these patterns are characteristic of behavioral override attempts.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection:
  - Ingestion points: User prompts are passed directly as context to the /workflow-start command in SKILL.md.
  - Boundary markers: The skill does not use delimiters or boundary instructions to isolate the user-provided context.
  - Capability inventory: The skill triggers multiple internal commands (/design-spec, /review-artifact, /handoff, /plan, /plan-review, /plan-validate), which could be manipulated by instructions embedded in the user prompt.
  - Sanitization: User input is not sanitized, validated, or filtered before being processed as context.
Audit Metadata