multi-user-workflow-generator
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via the Bash tool to control playwright-cli for browser automation. This includes session management, navigation, and UI interactions across multiple named persona contexts.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external data.
- Ingestion points: Codebase contents are retrieved via Read, Grep, and Glob tools, and user persona details are collected through interactive prompts.
- Boundary markers: Data is interpolated into sub-agent prompts using placeholders without clear delimiters or instructions to disregard embedded instructions in the source code.
- Capability inventory: The skill can execute shell commands, manage browser sessions, and write workflow documentation to the filesystem.
- Sanitization: No explicit sanitization or validation of codebase content or user input is documented before its use in constructing prompts or shell commands.
Audit Metadata