ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates workflows using the infsh CLI and complex Bash scripting including loops, conditionals, and background processes.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection in data_processing.sh and conditional_workflow.sh. External data from files ($(cat $file)) and command-line arguments ($1) are directly interpolated into LLM prompts.
  - Ingestion points: conditional_workflow.sh (CLI arguments), data_processing.sh (local file content in SKILL.md).
  - Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are used.
  - Capability inventory: Shell access via Bash tool, network access via curl and infsh, and file system access (specified in SKILL.md).
  - Sanitization: Absent; input is used raw in the prompt string.
- [EXTERNAL_DOWNLOADS]: Recommends installing additional skills from the inference-sh repository via npx skills add. These are vendor-provided resources from the author.