workflow-feature-docs
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs authoritative instructional framing ("IMPORTANT: You MUST", "Do NOT skip") to ensure the agent adheres to a specific command sequence. While used for workflow integrity, this pattern is characteristic of attempts to override agent constraints.
- [PROMPT_INJECTION]: The workflow passes untrusted user input directly into a multi-step sequence of automated commands, establishing an indirect prompt injection surface.
- Ingestion points: User prompt passed as context to the feature-docs workflow in SKILL.md.
- Boundary markers: The skill lacks delimiters or explicit instructions to ignore embedded commands within the user input.
- Capability inventory: The workflow triggers a sequence of internal commands (/scout, /investigate, /docs-update, etc.).
- Sanitization: No sanitization or validation of the user context is defined.
Audit Metadata