ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The "Data Processing Pipeline" template in
SKILL.mdidentifies a vulnerability surface for indirect prompt injection by interpolating raw file content directly into an LLM prompt string. - Ingestion points: Reads local text files from
./data/raw/via thecatcommand. - Boundary markers: The content is interpolated without delimiters or instructions to the model to ignore embedded commands.
- Capability inventory: Uses the
beltCLI tool to send the generated prompt to AI models for processing. - Sanitization: No escaping, validation, or sanitization is applied to the file content before it is placed in the command string.
- [COMMAND_EXECUTION]: The skill provides numerous Bash and Python script templates that execute the
beltCLI tool for authentication and application execution. It also includes instructions for users to set upcronjobs for task persistence and usessubprocess.runin Python to interface with the platform's CLI.
Audit Metadata