create-workflow-command

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the creation of workflow orchestrators that are vulnerable to indirect prompt injection by design. The generated command templates interpolate untrusted user data directly into sub-agent instructions without protective measures.
    • Ingestion points: User input is ingested via the $ARGUMENTS variable in the generated orchestrator commands (e.g., commands/workflow-name.md).
    • Boundary markers: The provided templates lack delimiters (such as XML tags or triple-backticks) or explicit instructions to ignore embedded commands within the interpolated variables.
    • Capability inventory: Sub-agents spawned by the orchestrator are granted Read, Write, Grep, and Glob capabilities, which could be abused if an injection attack succeeds.
    • Sanitization: The skill does not provide mechanisms or instructions for sanitizing, validating, or escaping user-supplied content before passing it to sub-agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 05:13 AM