workflow-dev-qa-handoff
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs assertive language such as 'IMPORTANT', 'MUST', and 'Do NOT skip' to enforce a specific task sequence. While functional for the workflow, these directives mimic patterns used to override agent constraints.
- [PROMPT_INJECTION]: There is a risk of indirect prompt injection, as the skill instructs the agent to pass the 'user's prompt' as context to the '/workflow-start' command. Without delimiters or sanitization, malicious instructions within the user's prompt could be interpreted as commands.
  * Ingestion points: Untrusted user input enters the context via the /workflow-start command (SKILL.md).
  * Boundary markers: Absent; there are no clear separators defined to isolate the user prompt from the skill's own instructions.
  * Capability inventory: The skill utilizes workflow management commands including /handoff, /test-spec, and /workflow-end.
  * Sanitization: Absent; the skill does not specify any methods for filtering or validating the user-provided context.
Audit Metadata