workflow-creator
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs standard file system operations (Read, Write, Edit, Bash) within the project's .claude directory to create workflows and update routing metadata, which is consistent with its stated purpose of managing project orchestration.
- [SAFE]: External data ingestion is limited to trusted academic sources (arXiv) and standard web search tools for the purpose of pattern research, following the project's ecosystem alignment guidelines.
- [SAFE]: The skill incorporates mandatory validation checklists and existence checks (Step 0 through Step 9) to prevent duplicate artifacts and ensure that all referenced agents and skills exist before finalizing a workflow.
- [SAFE]: The provided Node.js script (main.cjs) handles input sanitization for filenames and directory paths, preventing path traversal or command injection through CLI arguments.
- [SAFE]: Lifecycle management is handled via standard pre-execute and post-execute hooks that maintain a state file for the project's creator ecosystem, ensuring transparency and cleanup of runtime state.
Audit Metadata