workflow-router

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect prompt injection surface. The skill acts as an orchestrator that takes user-provided goals and descriptions and inserts them directly into sub-agent prompts.
  • Ingestion points: Variables like [topic], [feature/task], [task], and [issue description] in the Agent Spawn Examples section of SKILL.md.
  • Boundary markers: Absent. The skill uses simple string templates (e.g., Implement: [task]) without XML tags, delimiters, or 'ignore instructions' warnings.
  • Capability inventory: The skill spawns the kraken agent (Build goal), which is described as an 'Implementation agent' that 'handles coding tasks'. This constitutes a high-privilege write/execute capability.
  • Sanitization: Absent. There is no evidence of input validation or escaping before the data is passed to sub-agents.
  • [COMMAND_EXECUTION] (MEDIUM): The skill runs the shell command ls thoughts/shared/plans/*.md 2>/dev/null in Step 2 to detect existing files. The path is hardcoded, but relying on raw shell commands would widen the attack surface if the logic were later made more dynamic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 11:40 PM