asc-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is designed to orchestrate and execute arbitrary shell commands defined under the
runkey in a.asc/workflow.jsonfile. While this is the intended functionality for automation, it grants the agent the capability to execute system-level commands based on file content. - [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection)
- Ingestion points: The skill reads workflow definitions and environment configurations from a repository-local file
.asc/workflow.json. - Boundary markers: There are no mentioned boundary markers or validation steps to distinguish between legitimate automation commands and malicious instructions embedded in the JSON file.
- Capability inventory: The tool can execute shell commands, manage environment variables, and chain multiple workflows together.
- Sanitization: The documentation explicitly mentions that parameters are referenced via shell expansion (
$VAR), which is a known risk for command injection if parameters (e.g.,BUILD_ID,VERSION) are supplied by an untrusted user or process without proper escaping.
Audit Metadata