acomo-workflow-modeling
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to interact with the 'acomo' CLI tool. It explicitly instructs the agent to use commands such as 'acomo schema show', 'acomo createWorkflowModel', and 'acomo publishWorkflowModel' to validate and register workflow definitions. This behavior is consistent with the skill's stated purpose of workflow modeling.
- [PROMPT_INJECTION]: The skill operates by ingesting untrusted business descriptions from users to generate workflow models, which presents a surface for indirect prompt injection (Category 8).
  - Ingestion points: Business descriptions and requirements provided by the user during the 'Hearing' phase described in 'SKILL.md'.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when processing user input.
  - Capability inventory: The agent has the ability to execute 'acomo' CLI commands, which can modify system state or publish models.
  - Sanitization: No explicit sanitization or validation steps for user-provided text are defined within the skill files.
Audit Metadata