@gw-autonomous-workflow
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The installation instructions utilize an untrusted repository (mthines/gw-tools), posing a risk of executing malicious logic during skill setup.
- COMMAND_EXECUTION (LOW): The skill performs git worktree operations, dependency installations, and test execution as part of its primary development workflow.
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface. 1. Ingestion points: User feature requests and codebase contents processed during implementation phases. 2. Boundary markers: No delimiters or ignore instructions are specified in documentation to prevent the agent from obeying instructions found in codebase files. 3. Capability inventory: Filesystem access via Git, arbitrary command execution via test runners and dependency managers, and network access via the GitHub CLI. 4. Sanitization: No sanitization or validation of ingested codebase content is mentioned in the workflow.
Audit Metadata