update-workflow-explorer
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (git branch, git diff) to determine the scope of work based on the current repository state. These are read-only operations used for change detection.
- [INDIRECT_PROMPT_INJECTION]: The skill processes content from internal markdown files in the skills/ and agents/ directories to extract workflow logic. While these are project-owned files, they serve as an ingestion point for data that influences the skill's output.
- Ingestion points: Markdown source files defined in the mapping table and workflow-explorer.html.
- Boundary markers: Absent; there are no specific instructions to ignore malicious content within source files.
- Capability inventory: Execution of git commands and file write operations to workflow-explorer.html.
- Sanitization: Absent; the skill does not explicitly describe validating or escaping the extracted logic strings before updating the HTML file.
Audit Metadata