workflow-reader
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected in the skill's documentation or Python implementation.
- [DATA_EXPOSURE]: The `load_workflow` function in `tools/workflow.py` allows reading local JSON files from a path provided as an argument. While this grants access to local files, the functionality is restricted to JSON parsing and is the intended purpose of the tool for workflow analysis.
- [PROMPT_INJECTION]: The tool processes external JSON data which may include user-defined strings such as subgraph names. This represents a minor indirect prompt injection surface if the agent incorporates these raw strings into its own prompts without validation.
  - Ingestion points: Local JSON files are read and parsed in `tools/workflow.py`.
  - Boundary markers: The tool does not provide output delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill uses standard libraries (`json`, `pathlib`) and does not possess capabilities for network exfiltration, shell execution, or runtime code evaluation.
  - Sanitization: No sanitization or filtering is applied to the metadata extracted from the JSON input.
Audit Metadata