workflow-testing
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it passes the user's prompt directly into the workflow context without sanitization or delimiters.\n
- Ingestion points: User prompt is passed as context to the
/workflow-start testingcommand in SKILL.md.\n - Boundary markers: Absent. There are no instructions or delimiters to isolate the user-provided context from the workflow's command structure.\n
- Capability inventory: The skill triggers internal workflow commands
/testand/workflow-end. No high-risk capabilities such as file system modification, network access, or code execution were found in the provided file.\n - Sanitization: Absent. The skill does not perform any validation or escaping on the user's input before using it in the workflow.
Audit Metadata