workflow-security-audit
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative instructions ('MUST', 'Do NOT skip') to guide the agent through the workflow. While these are intended to maintain the integrity of the process, such directives are common in prompt injection attempts to override base constraints.
- [PROMPT_INJECTION]: The skill processes user prompts as context for its workflow commands, creating a surface for indirect prompt injection where malicious input could influence the agent's behavior during the audit steps.
  - Ingestion points: User input passed to the /workflow-start command (SKILL.md).
  - Boundary markers: No delimiters or ignore-instructions markers are present to wrap the user context.
  - Capability inventory: Sequences internal commands (/scout, /security, /watzup) defined in the workflow context (SKILL.md).
  - Sanitization: No sanitization or validation of the user context is implemented in the skill description.
- [NO_CODE]: The skill consists entirely of markdown instructions without any attached scripts or executable code, significantly limiting the risk of traditional technical exploits.
Audit Metadata