bpmn-architect

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted user data through the structured_data parameter.
      • Ingestion points: src/index.ts accepts context, bpmn_ingredients, and logic_flow as z.any() types.
      • Boundary markers: None detected. The system prompt in src/prompt.ts does not use delimiters to isolate user input.
      • Capability inventory: The skill requests Bash, Read, and Write tools in SKILL.md.
      • Sanitization: Input data is not sanitized or validated against a strict schema beyond the top-level object structure.
  • Command Execution (LOW): The skill metadata in SKILL.md requests the Bash tool. While no malicious scripts are present in the provided files, granting shell access to a skill that processes untrusted external data increases the risk of successful exploitation if a prompt injection occurs.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 05:58 PM