ai-automation-workflows
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill includes multiple Bash and Python script templates designed to execute system commands and the `infsh` CLI. It specifically provides instructions for using `crontab` to establish persistence for scheduled tasks, which is an expected part of the automation workflow use case.
- [PROMPT_INJECTION]: The skill demonstrates patterns for processing external data (from files and command-line arguments) by interpolating it directly into AI prompts in `data_processing.sh` and `conditional_workflow.sh`. This creates a surface for indirect prompt injection.
  - Ingestion points: `data_processing.sh` (reading local text files), `conditional_workflow.sh` (processing script arguments).
  - Boundary markers: No delimiters or specific instructions to ignore embedded commands are present in the provided templates.
  - Capability inventory: The scripts have the ability to execute CLI tools (`infsh`), perform network requests (`curl`), and write to the local file system.
  - Sanitization: No sanitization or escaping is performed on the data before it is sent to the AI models.
- [DATA_EXFILTRATION]: The `monitored_workflow.sh` template includes a pattern for sending command results and error logs to an external webhook URL via `curl`. While described as a monitoring feature, this could facilitate the transmission of data to external servers.
- [EXTERNAL_DOWNLOADS]: The documentation references the installation of additional skill modules from the `inference-sh` vendor using `npx skills add`.
Audit Metadata