workflows-compound
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection by ingesting untrusted data from the conversation history to automate file generation.
  - Ingestion points: The 'Context Analyzer' and 'Solution Extractor' subagents read conversation history, which is considered untrusted input.
  - Boundary markers: The skill definition does not specify any delimiters (like triple quotes or XML tags) or system instructions to ignore embedded commands within the processed text.
  - Capability inventory: The 'Documentation Writer' has the capability to write files to the 'docs/solutions/' directory, and the skill can automatically trigger other specialized agents based on the content of the analysis.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the extracted solution content before it is written to the filesystem or passed to other agents.