workflow-devkit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The AI agent templates ingest untrusted data that influences tool execution.
  • Ingestion points: aiAgentWorkflow (templates/ai-agent-workflow.ts) and agentWorkflow (ai-integration.md) ingest UIMessage arrays from users.
  • Boundary markers: Tools use zod for schema validation, which helps constrain inputs but does not prevent malicious intent within those constraints.
  • Capability inventory: The templates demonstrate capabilities for network requests (fetch) and database queries (db.query).
  • Sanitization: The searchDatabase example in ai-integration.md builds its SQL query by direct string interpolation: db.query(`SELECT * FROM knowledge WHERE content LIKE '%${query}%'`). This allows an attacker to perform SQL injection by crafting prompts that cause the LLM to generate malicious query values.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:02 PM