using-templates
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [Command Execution] (SAFE): The skill uses shell commands such as ls, cat, and mkdir to manage workflow files in the project root and user configuration directories (~/.claude/workflows). These operations are restricted to the skill's intended purpose and do not target sensitive system files.
- [Indirect Prompt Injection] (LOW): The skill processes .flow files, which represent a surface for indirect prompt injection. (1) Ingestion points: Reads .flow files from ./workflows/ and ~/.claude/workflows/. (2) Boundary markers: Absent; uses simple parameter interpolation. (3) Capability inventory: File system read and write access and internal workflow execution via the /orchestration:template tool. (4) Sanitization: No sanitization of template content or parameter values is specified in the instructions.