ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses Bash scripts and the `infsh` CLI tool to orchestrate AI tasks, manage system files, and handle subprocesses. It also demonstrates the use of background processes and the `wait` command for parallel execution.
- [PROMPT_INJECTION]: The `data_processing.sh` template contains an indirect prompt injection surface. It reads raw content from local files and injects it directly into a prompt string for an LLM.
  - Ingestion points: Reads files from the `./data/raw/` directory using `cat` within a script (documented in `SKILL.md`).
  - Boundary markers: Absent. The file content is interpolated directly into the JSON input for the AI model.
  - Capability inventory: The skill has the ability to execute shell commands, read/write files, and communicate with external AI APIs via `infsh`.
  - Sanitization: No sanitization, escaping, or filtering is performed on the data read from the files before it is sent to the LLM.
- [COMMAND_EXECUTION]: The skill provides instructions for setting up persistence via system `crontab`. While this is presented for its intended purpose of scheduled automation, it demonstrates how the skill's logic can be integrated into the host system's persistence mechanisms.
Audit Metadata