workflow-e2e-update-ui
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs strong imperative language such as 'MUST create todo tasks' and 'Do NOT skip any step'. While common in automation, this pattern can be used to override the agent's standard operating procedures or safety constraints.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data through the 'user's prompt' and passing it directly into the /workflow-start command. Evidence: (1) Ingestion point: User's prompt passed as context in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Executes internal commands /scout, /e2e-test, /test, and /watzup. (4) Sanitization: No sanitization or validation of the user context is defined.
Audit Metadata