workflow-orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill includes code templates using BashOperator and subprocess.run to perform system-level tasks like database backups and file cleanup. These are standard operations for workflow orchestration but provide a functional surface for shell execution.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface detected in the data pipeline example.
  1. Ingestion points: pandas.read_csv in the transform_data function.
  2. Boundary markers: Absent in the instructions or code examples.
  3. Capability inventory: Includes BashOperator (shell execution), PythonOperator (arbitrary Python), and subprocess.run (process execution).
  4. Sanitization: The example code does not demonstrate sanitization or validation of the ingested CSV content before processing.
- [SAFE] (SAFE): No malicious patterns, obfuscation, or unauthorized data exfiltration detected. Hardcoded configuration (localhost Redis, local SMTP) is for local service connectivity and is safe.