ao-workflow-runner
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The README documentation guides users to clone two external GitHub repositories (`agency-agents-zh`, `agency-orchestrator`) and install a global NPM package (`agency-orchestrator`). These are vendor-owned resources provided by the author (jnMetaCode) for role definitions and workflow orchestration.
- [COMMAND_EXECUTION]: The installation guide contains shell commands for environment setup, including `git clone`, directory creation (`mkdir`), and file management (`cp`, `rm`).
- [DATA_EXFILTRATION]: The skill performs local file system operations, reading workflow YAML files and role markdown definitions from the environment and writing execution results to the `ao-output/` directory.
- [PROMPT_INJECTION]: The skill implements a template engine that replaces `{{variables}}` in tasks with data from user inputs or previous step outputs without sanitization.
  - Ingestion points: Local YAML workflow files and external Markdown role definitions from `agency-agents-zh/`.
  - Boundary markers: Absent; the system relies on direct string interpolation into the role personality prompts.
  - Capability inventory: Local file system access (read/write) and autonomous role-play execution across sequential steps.
  - Sanitization: Not implemented; variables are directly injected into the prompt context.
Audit Metadata