workflow-package-upgrade
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted user input into a workflow with significant capabilities.
- Ingestion points: The user's prompt is passed as context to the
/workflow-start package-upgradecommand inSKILL.md. - Boundary markers: There are no visible delimiters or instructions to ignore embedded commands within the user input.
- Capability inventory: The workflow includes steps like
/code,/test, and mentions performingnpm updateandNuGet upgrade, which involve file system modifications and execution of code/scripts. - Sanitization: No evidence of sanitization or validation of the user-provided prompt before it is used to drive the workflow.
- [NO_CODE]: The skill consists only of markdown instructions and does not include any executable scripts, binaries, or configuration files.
Audit Metadata