browser-workflow-generator

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill analyzes the application's source code to identify routes, interactive components, and data models. This ingestion of untrusted data from the local environment creates a potential surface for indirect prompt injection if the codebase contains strings or comments specifically designed to manipulate the agent's behavior during workflow generation.
      • Ingestion points: Project codebase (router configurations, UI components, state management files) read during Phase 2.
      • Boundary markers: None explicitly used when passing codebase findings to subagents.
      • Capability inventory: Spawns subagents, performs web searches via the Task tool, and writes to the local filesystem (/workflows/browser-workflows.md).
      • Sanitization: No explicit sanitization or filtering of the project source code content is performed before it is processed by the LLM subagents.
  • [COMMAND_EXECUTION]: The skill utilizes a task management framework (TaskCreate, TaskUpdate) and spawns subagents to perform exploration and research. While these represent agent actions rather than raw shell commands, they execute within the context of the user's project codebase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 07:17 PM