requirement-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several bash scripts (e.g., init-workflow.sh, advance-stage.sh) that perform file system operations, such as creating directories and updating YAML configuration files using standard utilities like sed and grep to maintain workflow state.
- [PROMPT_INJECTION]: The skill's architecture relies on reading and following instructions from local project files, which presents a surface for indirect prompt injection.
  - Ingestion points: Documentation files such as spec.md, tasks.md, and design.md, as well as configuration files like hooks.yaml.
  - Boundary markers: Absent; the prompts do not use specific delimiters or instructions to prevent the AI from adopting commands or directions found within these user-editable markdown files.
  - Capability inventory: The system can transition workflow states, modify project files, and dynamically 'launch' or 'inject' additional agents/skills based on configuration strings.
  - Sanitization: Absent; the content within the ingested markdown and YAML files is used to drive AI behavior without being filtered for instructional or adversarial patterns.
Audit Metadata