asc-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the orchestration of shell commands via
asc workflow run. Commands are defined in a repository-local.asc/workflow.jsonfile and executed usingbash -corsh -c. This core functionality allows the agent to execute arbitrary commands defined in the project files. - [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface (Category 8) by processing external data that can influence execution flow.
- Ingestion points: The skill reads workflow definitions from
.asc/workflow.jsonand runtime parameters from the command line (e.g.,KEY:VALUE). - Boundary markers: The instructions do not specify any delimiters or warnings to treat the content of the workflow file as untrusted or to ignore embedded instructions.
- Capability inventory: The skill has the capability to execute shell commands (
runsteps), invoke sub-workflows, and access environment variables. - Sanitization: Parameters are expanded directly into shell commands via shell expansion (
$VAR) without explicit sanitization or escaping mentioned in the instructions.
Audit Metadata