restate-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides guidance and a TypeScript code sample in SKILL.md for invoking the joelclaw CLI using the node:child_process.spawn method. This functionality is part of the intended purpose to bridge external repositories with the joelclaw runtime.
- [PROMPT_INJECTION]: The skill implements a communication pattern that includes a prompt field for task descriptions, creating an indirect prompt injection surface.
  - Ingestion points: The task.prompt and task.kind fields in the JSON payload structure defined in SKILL.md.
  - Boundary markers: Absent; the instructions do not specify the use of delimiters or safety instructions to prevent the agent from obeying instructions embedded within the data.
  - Capability inventory: Execution of system commands via joelclaw queue emit and joelclaw workload run as described in SKILL.md.
  - Sanitization: Absent for prompt content; the provided code ensures safe argument passing via JSON stringification but does not filter or sanitize the contents of the prompt itself.
Audit Metadata