project-health
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The workflow-validator agent is susceptible to indirect prompt injection because it processes untrusted documentation files while possessing the capability to execute shell commands.
  - Ingestion points: The agents/workflow-validator.md file (Phases 1 and 2) identifies and reads untrusted content from SETUP.md, README.md, and other documentation files.
  - Boundary markers: Absent. There are no instructions to use delimiters or ignore potentially malicious instructions found within the project documentation.
  - Capability inventory: The agents/workflow-validator.md agent is explicitly provided with the Bash tool.
  - Sanitization: Absent. The agent is encouraged to 'actually' trace through workflows to verify they work, which could involve direct execution of untrusted commands found in the repository.
- Command Execution (LOW): The workflow-validator agent includes the Bash tool for the purpose of verifying processes. This provides a mechanism for local command execution that, while legitimate for the skill's purpose, presents a risk if the agent is manipulated by content in the audited files.
Audit Metadata