asc-workflow
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands provided in the `.asc/workflow.json` file using `bash -o pipefail -c` or `sh -c`. This allows for arbitrary command execution within the agent's environment.
- [REMOTE_CODE_EXECUTION]: By processing and running commands from files within the repository, the skill is susceptible to executing malicious code if an attacker gains write access to the repository or delivers it through a malicious Pull Request.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect injection via untrusted repository data.
  - Ingestion points: Commands and logic are loaded from the `.asc/workflow.json` file in the local workspace.
  - Boundary markers: Commands are structured within specific JSON keys (e.g., `run`, `before_all`, `after_all`), providing some structural separation but no protection against malicious content within those keys.
  - Capability inventory: The agent can execute any shell command available to the user, including network operations and file system modifications.
  - Sanitization: The skill includes a `--dry-run` feature to preview commands, which serves as a manual verification step, but no automated sanitization of the command strings is mentioned.