workflow-creator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSNO_CODEPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The installation guide recommends 'npx skills add genfeedai/skills/workflow-creator'. Since the 'genfeedai' organization is not a verified trusted source, this instruction promotes the acquisition of unvetted third-party software.
- NO_CODE (LOW): Only documentation and metadata are present. The lack of the core 'SKILL.md' file or any associated scripts makes it impossible to verify the logic the agent uses to transform natural language into workflow JSON.
- PROMPT_INJECTION (LOW): The skill exposes an Indirect Prompt Injection surface (Category 8) by processing untrusted natural language descriptions. Evidence Chain: 1. Ingestion: User-provided pipeline descriptions; 2. Boundary markers: None; 3. Capability: Generates complex node-based JSON for AI operations; 4. Sanitization: None documented. The severity is low because the output is a static data structure meant for manual import rather than direct execution.
Audit Metadata