workflow-performance
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: An indirect prompt injection surface was identified where the agent processes external data with high-privilege capabilities. * Ingestion points: The skill uses the user's prompt as context for the 'performance' workflow (SKILL.md). * Boundary markers: Absent; there are no delimiters or instructions to ignore instructions embedded within the user context. * Capability inventory: The workflow includes high-impact actions such as code generation (/code) and test execution (/test) (SKILL.md). * Sanitization: No sanitization, validation, or filtering of the user-provided context is performed before it is passed to the workflow engine.
Audit Metadata