ai-automation-workflows
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface where untrusted data is ingested and passed to AI models.
  - Ingestion points: The `data_processing.sh` script reads local text files using `cat`, and `conditional_workflow.sh` accepts input via command-line arguments.
  - Boundary markers: Absent; external content is directly interpolated into the prompt strings without delimiters.
  - Capability inventory: The skill uses the `infsh` CLI to interact with various AI models (e.g., Claude, Flux) and can perform network requests via `curl`.
  - Sanitization: Absent; external data is placed raw into the model's JSON input payload.
- [COMMAND_EXECUTION]: Persistence Patterns. The skill provides detailed examples for using `crontab` to schedule recurring execution of AI scripts, which allows the code to maintain a persistent presence on the system.
- [COMMAND_EXECUTION]: Subprocess Execution. The `automation.py` Python script utilizes the `subprocess` module to programmatically execute the `infsh` CLI tool.
- [DATA_EXFILTRATION]: External Network Patterns. The `monitored_workflow.sh` script includes a pattern for sending status updates and potential error logs to an external webhook URL using `curl`.
Audit Metadata